Cyber Posture

CVE-2025-66047

CriticalPublic PoC

Published: 11 December 2025

Published
11 December 2025
Modified
17 December 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0019 40.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag…

more

is 131

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly addresses the buffer overflow vulnerability by requiring timely flaw remediation through patching or upgrading libbiosig to a non-vulnerable version.

SI-16 Memory Protection good match
prevent

Provides memory protections such as stack guards and DEP to prevent arbitrary code execution from stack-based buffer overflows during MFER parsing.

SI-10 Information Input Validation partial match
prevent

Mandates validation of MFER file inputs to reject malformed files that could trigger the parsing buffer overflows in libbiosig.

Security SummaryAI

CVE-2025-66047 involves several stack-based buffer overflow vulnerabilities (CWE-121 and CWE-787) in the MFER parsing functionality of The Biosig Project's libbiosig version 3.9.1. These issues arise when processing a specially crafted MFER file, particularly with Tag 131, and can lead to arbitrary code execution.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it exploitable over the network with low attack complexity, no required privileges, and no user interaction. An unauthenticated attacker can provide a malicious MFER file to an application or system using the affected library, potentially achieving arbitrary code execution and high-impact compromise of confidentiality, integrity, and availability.

Mitigation guidance is available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296.

Details

CWE(s)
CWE-121CWE-787

Affected Products

libbiosig project
libbiosig
≤ 3.9.2

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability enables remote unauthenticated arbitrary code execution (AV:N/AC:L/PR:N/UI:N) via a crafted MFER file processed by applications using the libbiosig library, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References