CVE-2025-54485
Published: 25 August 2025
Summary
CVE-2025-54485 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely remediation of flaws, directly addressing this CVE by mandating updates to vulnerable libbiosig versions to fix the buffer overflow.
SI-10 enforces validation of information inputs like MFER file lengths and structures, preventing the improper reading into fixed-size buffers that triggers the overflow.
SI-16 implements memory protections such as stack canaries and DEP, blocking arbitrary code execution resulting from the stack-based buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in file parser enables remote arbitrary code execution via malicious MFER input with no auth/UI required.
NVD Description
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.This vulnerability manifests on line 8785 of biosig.c on the current master branch (35a819fa), when the Tag is 8: else if (tag==8) { if (len>2) fprintf(stderr,"Warning MFER tag8 incorrect length %i>2\n",len); curPos += ifread(buf,1,len,hdr);
Deeper analysisAI
A stack-based buffer overflow vulnerability, tracked as CVE-2025-54485 and associated with CWE-121, affects the MFER parsing functionality in The Biosig Project's libbiosig version 3.9.0 and the master branch at commit 35a819fa. The issue occurs in biosig.c at line 8785 during handling of MFER tag 8, where a specially crafted MFER file can trigger the overflow due to improper length checks before reading data into a fixed-size buffer via ifread. This vulnerability enables arbitrary code execution when the malicious file is processed.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network with low complexity, requiring no privileges or user interaction. Any unauthenticated attacker who can supply a malicious MFER file to an application using the affected libbiosig version can achieve arbitrary code execution, potentially leading to full system compromise depending on the context in which the library is deployed.
Mitigation details and additional technical analysis are available in the Talos Intelligence advisory TALOS-2025-2234, accessible at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234.
Details
- CWE(s)