Integer Underflow in AIS-catcher MQTT Parsing Logic
CVE-2025-66217

8.8HIGH

Key Information:

Vendor: Jvde-github
Status: Ais-catcher
Vendor: CVE Published:; 29 November 2025

🔔 Create Jvde-github Vulnerability Alert

What is CVE-2025-66217?

AIS-catcher, a multi-platform AIS receiver, prior to version 0.64, contains an integer underflow vulnerability in its MQTT parsing logic. This flaw can be exploited by an attacker through a crafted MQTT packet that manipulates the Topic Length field, triggering a significant Heap Buffer Overflow. The outcome of this exploit can lead to Denial of Service (DoS) and, when utilized in library contexts, causes critical Memory Corruption that may enable Remote Code Execution (RCE). Users are encouraged to upgrade to version 0.64 or later to mitigate this vulnerability.

Affected Version(s)

AIS-catcher < 0.64

References

https://github.com/jvde-github/AIS-catcher/security/advis...

x_refsource_CONFIRM

https://github.com/jvde-github/AIS-catcher/commit/e0f7242...

x_refsource_MISC

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Nov 29, 2025
Vulnerability Reserved
Nov 24, 2025

JSON