Cyber Resilience

CVE-2025-64736

Severity: Medium · Public PoC: referenced

Published: 03 March 2026
Modified: 05 March 2026
KEV Added: not listed
CVSS v3.1 score: 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)
EPSS score: 0.0004 (11.0th percentile)
Risk priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-64736 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). EPSS ranks this CVE at the 11.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and PE-19 (Information Leakage).

Deeper analysis

An out-of-bounds read vulnerability, tracked as CVE-2025-64736 and associated with CWE-125, affects the ABF parsing functionality in The Biosig Project's libbiosig version 3.9.2 and the Master Branch at commit 5462afb0. This flaw allows a specially crafted .abf file to trigger an information disclosure when processed by the library. The vulnerability was published on 2026-03-03 with a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L), indicating medium severity primarily due to high confidentiality impact.

Exploitation requires local access and user interaction, with no privileges needed by the attacker. The attacker delivers a specially crafted .abf file to a victim, who must then open or process it with an application that uses the vulnerable libbiosig component. Successful exploitation causes an out-of-bounds read that leaks memory contents, potentially exposing sensitive data, with a low availability impact as a secondary effect.

Mitigation details and further technical analysis are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323. Security practitioners should consult this reference for any recommended patches, workarounds, or updates to libbiosig.


Vulnerability details

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

CWE(s)

CWE-125: Out-of-bounds Read

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1204.002 User Execution: Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques? An out-of-bounds read in a local file parser enables information disclosure via a crafted .abf file opened by the victim (User Execution: Malicious File).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

All of the following affect the same product (Libbiosig Project Libbiosig):

- CVE-2025-54481
- CVE-2025-46411
- CVE-2025-54483
- CVE-2025-66044
- CVE-2025-66045
- CVE-2025-54491
- CVE-2025-54482
- CVE-2025-54490
- CVE-2026-20777
- CVE-2025-54484

Affected Assets

Vendor: libbiosig project
Product: libbiosig
Version: 3.9.2

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

- SI-10 Information Input Validation (prevent): directly requires validation of all inputs, including file contents, to reject malformed ABF structures before an out-of-bounds read can occur.
- Memory protection (prevent; control identifier not given on this page): enforces memory-protection mechanisms that can block or contain the unauthorized memory reads triggered by the crafted ABF file.
- PE-19 Information Leakage (prevent): explicitly addresses controls to stop unauthorized disclosure of information resulting from the out-of-bounds read in the ABF parser.
