Login Sign Up

CVE-2025-2337

6.3 MEDIUM
Denial of Service

📋 TL;DR

A critical heap-based buffer overflow vulnerability in matio library versions 1.5.28 allows remote attackers to execute arbitrary code or cause denial of service by exploiting the Mat_VarPrint function. This affects any application that uses the matio library to process MAT files. The vulnerability is remotely exploitable and public exploit details exist.

💻 Affected Systems

Products:
  • matio library
Versions: 1.5.28
Operating Systems: All platforms where matio is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses matio library to process MAT files is vulnerable when handling malicious files.

📦 What is this software?

Matio by Matio Project

View all CVEs affecting Matio →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Application crash (denial of service) with potential for remote code execution in vulnerable configurations.

🟢

If Mitigated

Application crash without code execution if exploit fails or mitigations are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed in GitHub issues. Attack requires processing a malicious MAT file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest patched version

Vendor Advisory: https://github.com/tbeu/matio/issues/267

Restart Required: Yes

Instructions:

1. Check current matio version. 2. Update to latest patched version from official repository. 3. Rebuild and redeploy any applications using matio. 4. Restart affected services.

🔧 Temporary Workarounds

Input validation for MAT files

all

Implement strict validation of MAT files before processing with matio library

Sandbox matio processing

all

Isolate matio file processing in container or restricted environment

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using matio
  • Deploy application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check if application uses matio version 1.5.28 via package manager or dependency check

Check Version:

pkg-config --modversion matio (Linux) or check package manager

Verify Fix Applied:

Verify matio version is updated beyond 1.5.28 and test with known safe MAT files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unusual memory allocation patterns
  • Failed MAT file processing

Network Indicators:

  • Unexpected MAT file transfers to vulnerable systems
  • Exploit traffic patterns

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "buffer overflow" OR "matio")

📊 Metadata

CVE ID: CVE-2025-2337
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CWE: CWE-119
EPSS Score: 0.54% exploit probability (66.9th percentile)
Published: March 16, 2025
Last Updated: August 26, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-2337, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)