CVE-2025-66216

CVE-2025-66216 is a heap buffer overflow vulnerability in the AIS::Message class of AIS-catcher, an open-source multi-platform AIS receiver software. Affecting versions prior to 0.64, the flaw enables an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer, stemming from improper handling of input sizes as indicated by associated CWEs-131 (Incorrect Calculation of Buffer Size) and CWE-787 (Out-of-bounds Write). The vulnerability carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.

The vulnerability can be exploited remotely by unauthenticated attackers over the network with minimal prerequisites. Successful exploitation allows arbitrary code execution, data corruption, or denial of service by overwriting heap memory beyond the intended buffer boundaries, potentially compromising the AIS-catcher's functionality in receiving and processing Automatic Identification System (AIS) maritime data transmissions.

Mitigation is available through upgrading to AIS-catcher version 0.64, where the issue has been addressed via a specific commit. Official guidance is provided in the project's GitHub security advisory (GHSA-v53x-f5hh-g2g6) and the corresponding patch commit, recommending users review and apply the update promptly to prevent exploitation.