CVE-2025-54484
Published: 25 August 2025
Summary
CVE-2025-54484 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates validation of MFER file inputs, including length checks before reading into fixed-size buffers, directly preventing the stack-based buffer overflow during tag 6 parsing.
Requires timely flaw remediation by patching the specific buffer overflow vulnerability in libbiosig as detailed in the TALOS-2025-2234 advisory.
Implements memory protections such as non-executable stacks or canaries that mitigate arbitrary code execution from the stack-based buffer overflow even if invalid input is processed.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in file parser enables remote arbitrary code execution via crafted MFER input (T1190 for public-facing apps or T1203 for client-side exploitation).
NVD Description
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6: else if (tag==6) // 0x06 "number of sequences" { // NRec if (len>4) fprintf(stderr,"Warning MFER tag6 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);
Deeper analysisAI
A stack-based buffer overflow vulnerability, tracked as CVE-2025-54484 and published on 2025-08-25, affects the MFER parsing functionality in The Biosig Project's libbiosig version 3.9.0 and the master branch at commit 35a819fa. The issue, classified under CWE-121, occurs in biosig.c at line 8779 during handling of tag 6 (representing the number of sequences), where the code reads data into a fixed-size buffer without sufficient bounds checking: if (len>4) issues a warning but proceeds with curPos += ifread(buf,1,len,hdr);. A specially crafted MFER file can trigger the overflow, leading to arbitrary code execution.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely with low complexity, no privileges or user interaction required. Any attacker able to supply a malicious MFER file to an application using the affected libbiosig parsing can achieve arbitrary code execution, potentially compromising confidentiality, integrity, and availability of the target system.
Details on mitigation and patches are available in the Cisco Talos Intelligence advisory TALOS-2025-2234, accessible at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234.
Details
- CWE(s)