CVE-2025-66047
Published: 11 December 2025
Summary
CVE-2025-66047 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libbiosig Project Libbiosig. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 31.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the buffer overflow vulnerability by requiring timely flaw remediation through patching or upgrading libbiosig to a non-vulnerable version.
Provides memory protections such as stack guards and DEP to prevent arbitrary code execution from stack-based buffer overflows during MFER parsing.
Mandates validation of MFER file inputs to reject malformed files that could trigger the parsing buffer overflows in libbiosig.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote unauthenticated arbitrary code execution (AV:N/AC:L/PR:N/UI:N) via a crafted MFER file processed by applications using the libbiosig library, directly mapping to exploitation of public-facing applications.
NVD Description
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag…
more
is 131
Deeper analysisAI
CVE-2025-66047 involves several stack-based buffer overflow vulnerabilities (CWE-121 and CWE-787) in the MFER parsing functionality of The Biosig Project's libbiosig version 3.9.1. These issues arise when processing a specially crafted MFER file, particularly with Tag 131, and can lead to arbitrary code execution.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it exploitable over the network with low attack complexity, no required privileges, and no user interaction. An unauthenticated attacker can provide a malicious MFER file to an application or system using the affected library, potentially achieving arbitrary code execution and high-impact compromise of confidentiality, integrity, and availability.
Mitigation guidance is available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296.
Details
- CWE(s)