Stack-Based Buffer Overflow in Biosig Project's libbiosig Software
CVE-2025-66047

9.8CRITICAL

Key Information:

Vendor: The BiOSig Project
Status: LibbiOSig
Vendor: CVE Published:; 11 December 2025

🔔 Create The BiOSig Project Vulnerability Alert

What is CVE-2025-66047?

A critical stack-based buffer overflow vulnerability exists in the MFER parsing functionality of libbiosig version 3.9.1. By crafting a specially designed MFER file, an attacker can exploit this vulnerability to execute arbitrary code. This can occur when the tag is set to 131, allowing unauthorized system control and potential compromise of data integrity and confidentiality.

Affected Version(s)

libbiosig 3.9.1

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Nov 21, 2025

Credit

Discovered by Mark Bereza and Lilith >_> of Cisco Talos.

JSON