CVE-2025-64736
Published: 03 March 2026
Summary
CVE-2025-64736 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in libbiosig from The Biosig Project. Its CVSS base score is 6.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique User Execution: Malicious File (T1204.002). The vulnerability is ranked at the 11.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and PE-19 (Information Leakage).
Deeper analysis
An out-of-bounds read vulnerability, tracked as CVE-2025-64736 and associated with CWE-125, affects the ABF parsing functionality in The Biosig Project's libbiosig version 3.9.2 and the Master Branch at commit 5462afb0. This flaw allows a specially crafted .abf file to trigger an information disclosure when processed by the library. The vulnerability was published on 2026-03-03 with a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L), indicating medium severity primarily due to high confidentiality impact.
Exploitation requires local access and user interaction, with no privileges needed by the attacker. A malicious actor can craft a malformed .abf file and deliver it to a victim, who must then open or process the file with an application that uses the vulnerable libbiosig component. Successful exploitation causes an information leak via the out-of-bounds read, potentially exposing sensitive memory contents, together with a low availability impact.
Mitigation details and further technical analysis are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323. Security practitioners should consult this reference for any recommended patches, workarounds, or updates to libbiosig.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208232
Vulnerability details
An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds read in a local file parser enables information disclosure when a victim opens a crafted .abf file (User Execution: Malicious File, T1204.002).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of all inputs (including file contents) to reject malformed ABF structures before an out-of-bounds read can occur.
- Memory protection: enforces memory-protection mechanisms that can block or contain the unauthorized memory reads triggered by the crafted ABF file.
- PE-19 (Information Leakage): explicitly addresses controls to stop unauthorized disclosure of information resulting from the out-of-bounds read in the ABF parser.