CVE Alert: CVE-2025-46411 – The Biosig Project – libbiosig
CVE-2025-46411
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
AI Summary Analysis
Risk verdict
High risk: remote code execution is possible via a specially crafted MFER file delivered over the network, with no user interaction required.
Why this matters
Exploitation could give an attacker control of the host running libbiosig, potentially impacting device availability, data integrity, and confidentiality. In healthcare or lab environments, this raises patient safety concerns and operational disruption if medical or research devices are compromised.
Most likely attack path
An attacker would deliver a malicious MFER file to a network-accessible service that uses libbiosig. With no privileges or user interaction required and a network attack surface, successful exploitation could execute arbitrary code within the host process. The high attack complexity makes automated mass exploitation less likely, but exposed deployments (e.g., network-connected devices processing MFER data) remain viable targets.
Who is most exposed
Devices and software suites that embed libbiosig and parse external MFER files, common in medical devices, bedside monitoring, and biosignal research equipment, especially in networked clinical or laboratory settings.
Detection ideas
- Crashes, segfaults, or memory corruption logs tied to the libbiosig process.
- Repeated parsing errors or failed file loads from MFER inputs.
- Unusual process restarts or service outages linked to MFER processing.
- Unusual network activity attempting to deliver MFER files to relevant services.
- Core dumps or significant memory growth during parsing.
Mitigation and prioritisation
- Patch to a fixed libbiosig release; confirm available vendor update and apply in a test environment before production.
- If patching is delayed, implement input validation and strict whitelisting for MFER files; disable external parsing where feasible.
- Network segmentation and least-privilege access for services handling MFER data; monitor for anomalous parsing activity.
- Enable memory protection (ASLR/DEP) and verify robust crash handling in affected processes.
- If the CVE is listed in the CISA KEV catalogue or its EPSS score is ≥ 0.5, treat as priority 1; otherwise plan a rapid patch window with a risk-based mitigation approach.