Cyber Posture

CVE-2025-66046

CriticalPublic PoC

Published: 11 December 2025

Published
11 December 2025
Modified
17 December 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0019 40.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag…

more

is 67

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the stack-based buffer overflow in libbiosig by requiring timely remediation through patching or upgrading to a non-vulnerable version.

SI-16 Memory Protection good match
prevent

Implements memory protections such as stack canaries, ASLR, and DEP to prevent arbitrary code execution from stack buffer overflows during MFER parsing.

SI-10 Information Input Validation partial match
prevent

Requires validation of MFER file inputs before parsing to reject specially crafted files that trigger the Tag 67 buffer overflow vulnerability.

Security SummaryAI

CVE-2025-66046 involves several stack-based buffer overflow vulnerabilities (CWE-121, CWE-787) in the MFER parsing functionality of The Biosig Project's libbiosig version 3.9.1. These flaws occur specifically when processing Tag 67 in a specially crafted MFER file, which can trigger arbitrary code execution. The vulnerability carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to network accessibility, low attack complexity, and lack of prerequisites.

An unauthenticated attacker (PR:N) can exploit this remotely (AV:N) with low complexity (AC:L) and no user interaction (UI:N), by providing a malicious MFER file to an application using the affected libbiosig library. Successful exploitation leads to high-impact arbitrary code execution, compromising confidentiality (C:H), integrity (I:H), and availability (A:H) within the unchanged security scope (S:U).

Mitigation details are outlined in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296.

Details

CWE(s)
CWE-121CWE-787

Affected Products

libbiosig project
libbiosig
≤ 3.9.2

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Remote (AV:N), unauthenticated (PR:N), no-interaction (UI:N) buffer overflow enabling arbitrary code execution via malicious MFER file directly facilitates exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References