CVE-2025-54490
Published: 25 August 2025
Summary
CVE-2025-54490 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of input lengths like 'len' before copying into fixed-size buffers such as 'tmp' during MFER file parsing to directly prevent stack buffer overflows.
Implements memory protections like stack canaries, ASLR, and DEP to prevent or detect exploitation of the stack-based buffer overflow leading to arbitrary code execution.
Mandates timely flaw remediation including patching the buffer overflow vulnerability in libbiosig's MFER parsing code at biosig.c line 9090.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in remote MFER file parsing directly enables remote arbitrary code execution (T1190 Exploit Public-Facing Application) with no user interaction or privileges required.
NVD Description
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.This vulnerability manifests on line 9090 of biosig.c on the current master branch (35a819fa), when the Tag is 64: else if (tag==64) //0x40 { // preamble char tmp[256]; // [1] curPos += ifread(tmp,1,len,hdr); In this case, the overflowed buffer is the newly-declared `tmp` \[1\] instead of `buf`. While `tmp` is larger than `buf`, having a size of 256 bytes, a stack overflow can still occur in cases where `len` is encoded using multiple octets and is greater than 256.
Deeper analysisAI
CVE-2025-54490 is a stack-based buffer overflow vulnerability in the MFER parsing functionality of The Biosig Project's libbiosig version 3.9.0 and the master branch at commit 35a819fa. The issue occurs in biosig.c at line 9090 when processing tag 64 (0x40), where a local buffer `tmp` of 256 bytes is declared and filled via `ifread(tmp, 1, len, hdr)`. If `len` exceeds 256 bytes—particularly when encoded across multiple octets—this leads to a stack overflow, enabling arbitrary code execution from a specially crafted MFER file. The vulnerability is rated with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-121 (Stack-based Buffer Overflow).
Any attacker capable of supplying a malicious MFER file to an application using the affected libbiosig can exploit this vulnerability remotely with low complexity, no privileges, and no user interaction required. Successful exploitation allows arbitrary code execution on the target system, potentially leading to full compromise including high confidentiality, integrity, and availability impacts as per the CVSS vector.
Talos Intelligence has published detailed advisories on this vulnerability, available at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234 and https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2234, which provide further technical analysis. No specific patches or mitigations are detailed in the available information.
Details
- CWE(s)