Heap Buffer Overflow Vulnerability in NASA CryptoLib Software
CVE-2025-54878

8.6 HIGH

Key Information:

Vendor: NASA
Status: Vendor
CVE Published: 11 August 2025

What is CVE-2025-54878?

NASA's CryptoLib library, which implements the CCSDS Space Data Link Security Protocol for securing communications between spacecraft and ground stations, is vulnerable to a heap buffer overflow. This flaw is present in the IV setup logic for telecommand frames in versions prior to 1.4.0. The vulnerability results from insufficient bounds checks when copying the Initialization Vector (IV), allowing attackers to craft malicious telecommand frames that may overwrite memory beyond the intended buffer limits. This condition can lead to heap corruption, resulting in unpredictable behavior such as crashes or potential exploitation of the system.
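The defect class the advisory describes is an IV copy whose length comes from the frame but is never compared against the size of the destination buffer. The following C code is an added illustration, not CryptoLib's own code or the CCSDS SDLS frame encoding: the frame layout (one length byte followed by IV bytes), the slot size `IV_SLOT_LEN`, and the functions `iv_setup_checked` and `frame_extract_iv` are all hypothetical. It shows the two checks a parser needs before copying, one against the frame length (no over-read) and one against the destination slot (no heap over-write), and rejects frames that fail either.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size IV slot inside a heap-allocated security
 * association record (assumed size, not CryptoLib's). */
#define IV_SLOT_LEN 16u

enum iv_status {
    IV_OK = 0,
    IV_ERR_NULL = 1,
    IV_ERR_TOO_LONG = 2,
    IV_ERR_TRUNCATED_FRAME = 3
};

/*
 * Copy an IV into a fixed-size destination slot.
 * The "iv_len > dst_len" comparison is the bounds check whose absence the
 * advisory describes: without it, a frame declaring an oversized IV length
 * would make memcpy write past the end of the slot.
 */
int iv_setup_checked(uint8_t *dst, size_t dst_len,
                     const uint8_t *src, size_t iv_len)
{
    if (dst == NULL || src == NULL) return IV_ERR_NULL;
    if (iv_len > dst_len) return IV_ERR_TOO_LONG;
    memset(dst, 0, dst_len);        /* deterministic padding for short IVs */
    memcpy(dst, src, iv_len);
    return IV_OK;
}

/*
 * Constructed, hypothetical frame layout (not the real SDLS encoding):
 *   byte 0     : declared IV length
 *   bytes 1..n : IV bytes
 * Validates the declared length against the bytes actually present in the
 * frame before handing it to the bounded copy above.
 */
int frame_extract_iv(const uint8_t *frame, size_t frame_len,
                     uint8_t *dst, size_t dst_len)
{
    if (frame == NULL || frame_len < 1) return IV_ERR_NULL;
    size_t iv_len = frame[0];
    if (iv_len > frame_len - 1) return IV_ERR_TRUNCATED_FRAME;
    return iv_setup_checked(dst, dst_len, frame + 1, iv_len);
}

int main(void)
{
    uint8_t slot[IV_SLOT_LEN];
    /* Constructed sample frames for the three outcomes. */
    uint8_t good[1 + 12]  = { 12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
    uint8_t oversized[1 + 32] = { 32 };     /* declares 32 bytes for a 16-byte slot */
    uint8_t truncated[4] = { 12, 1, 2, 3 }; /* declares 12 bytes, carries 3 */

    printf("good:      %d\n", frame_extract_iv(good, sizeof good, slot, sizeof slot));
    printf("oversized: %d\n", frame_extract_iv(oversized, sizeof oversized, slot, sizeof slot));
    printf("truncated: %d\n", frame_extract_iv(truncated, sizeof truncated, slot, sizeof slot));
    return 0;
}
```

The important property is that the declared length is treated as untrusted input on both sides: checked against what the frame contains and against what the destination can hold. A copy guarded only by the frame length would still overflow a heap slot smaller than the declared IV.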

Affected Version(s)

CryptoLib < 1.4.1

References

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
