CVE-2025-54878
Published: 11 August 2025
Summary
CVE-2025-54878 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Nasa Cryptolib. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates identification, prioritization, and timely patching of software flaws like this heap buffer overflow in CryptoLib, directly addressing the vulnerability fixed in version 1.4.0.
Requires bounds checking and validation of telecommand frame inputs, including IV lengths, to prevent malformed frames from triggering the buffer overflow.
Enforces memory protection mechanisms such as heap isolation, randomization, and non-executable regions to mitigate heap corruption from the one-byte overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote (AV:N/PR:N) heap buffer overflow in telecommand processing enables unauthenticated exploitation for potential RCE (T1190, T1210) or DoS crash (T1499.004).
NVD Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in…
more
NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker can supply a crafted TC frame that causes the library to write one byte past the end of the heap buffer, leading to heap corruption and undefined behaviour. An attacker supplying a malformed telecommand frame can corrupt heap memory. This leads to undefined behaviour, which could manifest itself as a crash (denial of service) or more severe exploitation. This issue has been patched in version 1.4.0.
Deeper analysisAI
CVE-2025-54878 is a heap buffer overflow vulnerability (CWE-122) affecting NASA CryptoLib version 1.4.0 and prior. CryptoLib provides a software-only solution implementing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. The flaw resides in the IV setup logic for telecommand frames, where missing bounds checks allow the Initialization Vector (IV) to be copied into a freshly allocated heap buffer, enabling a one-byte write past the buffer's end.
An attacker able to supply a crafted or malformed telecommand (TC) frame can trigger heap corruption and undefined behavior in the library. This may result in a crash (denial of service) or more severe exploitation outcomes. The CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) reflects its network accessibility, low complexity, lack of required privileges or user interaction, and potential for limited confidentiality/integrity impact alongside high availability impact.
The issue has been addressed in CryptoLib version 1.4.0. Mitigation details are available in the GitHub security advisory (GHSA-9qph-pxfm-q9g4) and the associated patching commit (9b5b294ec09da450d2d4d05aea2db604ead48be1), which security practitioners should consult for upgrade guidance.
Details
- CWE(s)