CVE-2025-54486
Published: 25 August 2025
Summary
CVE-2025-54486 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires identifying, reporting, and correcting system flaws like the stack-based buffer overflow in libbiosig's MFER parsing at biosig.c line 8824, directly remediating the vulnerability to prevent arbitrary code execution.
SI-10 mandates validation of information inputs such as the 'len' parameter in MFER tag 11 processing, preventing the buffer overflow by enforcing bounds checks before reading into the fixed-size buffer.
SI-16 implements memory safeguards like stack canaries, ASLR, and DEP to protect against stack-based buffer overflows in libbiosig's MFER parsing, blocking unauthorized code execution from overflow exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in remote MFER file parsing enables unauthenticated RCE with no user interaction, directly facilitating exploitation of public-facing applications.
NVD Description
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.This vulnerability manifests on line 8824 of biosig.c on the current master branch (35a819fa), when the Tag is 11: else if (tag==11) //0x0B { // Fs if (len>6) fprintf(stderr,"Warning MFER tag11 incorrect length %i>6\n",len); double fval; curPos += ifread(buf,1,len,hdr);
Deeper analysisAI
A stack-based buffer overflow vulnerability, tracked as CVE-2025-54486 and assigned CWE-121, affects the MFER parsing functionality in The Biosig Project's libbiosig version 3.9.0 and the master branch at commit 35a819fa. The issue occurs in biosig.c at line 8824 during handling of tag 11 (0x0B), where insufficient bounds checking on the 'len' parameter during a read operation into a fixed-size buffer allows overflow. A specially crafted MFER file can trigger this flaw, leading to arbitrary code execution. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
Any unauthenticated attacker with the ability to supply a malicious MFER file to a vulnerable application using libbiosig can exploit this remotely with low complexity and no user interaction required. Successful exploitation enables arbitrary code execution in the context of the affected process, potentially granting full control over the system depending on the privileges of the parsing application.
Mitigation details and additional technical analysis are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234.
Details
- CWE(s)