CVE-2025-54492
Published: 25 August 2025
Summary
CVE-2025-54492 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and remediation of system flaws, directly addressing this stack buffer overflow by applying patches to vulnerable libbiosig versions.
SI-16 implements memory protection mechanisms like stack canaries, ASLR, and DEP that mitigate stack-based buffer overflow exploits leading to arbitrary code execution.
SI-10 enforces validation of information inputs such as MFER files to restrict malformed data like oversized 'len' values that trigger the buffer overflow in libbiosig parsing.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack buffer overflow in remote-reachable MFER file parser directly enables unauthenticated remote code execution (AV:N, UI:N).
NVD Description
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to…
more
trigger this vulnerability.This vulnerability manifests on line 9141 of biosig.c on the current master branch (35a819fa), when the Tag is 67: else if (tag==67) //0x43: Sample skew { int skew=0; // [1] curPos += ifread(&skew, 1, len,hdr); In this case, the address of the newly-defined integer `skew` \[1\] is overflowed instead of `buf`. This means a stack overflow can occur using much smaller values of `len` in this code path.
Deeper analysisAI
CVE-2025-54492 is a stack-based buffer overflow vulnerability in the MFER parsing functionality of The Biosig Project's libbiosig version 3.9.0 and the master branch at commit 35a819fa. The issue occurs in biosig.c at line 9141 when processing tag 67 (Sample skew), where a local integer variable 'skew' is incorrectly used for reading data instead of the intended buffer 'buf'. This allows a specially crafted MFER file to overflow the stack with relatively small values of the 'len' parameter, potentially leading to arbitrary code execution. The vulnerability is classified under CWE-121 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Any attacker capable of supplying a malicious MFER file to an application using the affected libbiosig versions can exploit this vulnerability remotely with low complexity, no privileges, and no user interaction required. Successful exploitation enables arbitrary code execution on the target system, granting high levels of confidentiality, integrity, and availability impact as per the CVSS score.
For mitigation details, refer to the primary advisory at Talos Intelligence under TALOS-2025-2234.
Details
- CWE(s)