CVE-2025-29909

HIGH EPSS 58.2%
Published Mar 17, 20251y ago · Modified Jun 17, 20262w ago
8.9 CVSS 4.0
High
Find Similar
Published Mar 17, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib's `Crypto_TC_ApplySecurity()` allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). Any application or system that relies on CryptoLib for Telecommand (TC) processing and does not strictly validate incoming TC frames is at risk. This includes satellite ground stations or mission control software where attackers can inject malformed frames. A patch is available at commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc.

CVSS Details

Base Score
8.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
58.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-191
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

VendorProductVersionRange
nasacryptolib* <1.4.0

References 2

  • github.com https://github.com/nasa/CryptoLib/commit/c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc
    Patch
  • github.com https://github.com/nasa/CryptoLib/security/advisories/GHSA-q2pc-c3jx-3852
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/nasa/CryptoLib/commit/c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc
    Patch