CVE-2025-50343

9.8 CRITICAL

📋 TL;DR

A heap-based memory corruption vulnerability in matio library versions up to 1.5.28 allows attackers to cause out-of-bounds reads and invalid memory frees. This can lead to denial of service, information disclosure, or potentially remote code execution. Any application using the vulnerable matio library to parse MAT files is affected.

💻 Affected Systems

Products:
  • matio library
Versions: Up to and including 1.5.28
Operating Systems: All platforms where matio is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses matio to parse MAT files from untrusted sources is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if the vulnerability can be weaponized for arbitrary code execution.

🟠 Likely Case

Denial of service through application crashes or segmentation faults, potentially leading to information disclosure via memory leaks.

🟢 If Mitigated

Application crashes with no data loss if proper input validation and sandboxing are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept demonstrates crash, but weaponization for RCE would require additional exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.29 or later

Vendor Advisory: https://github.com/tbeu/matio/issues/275

Restart Required: Yes

Instructions:

1. Update matio to version 1.5.29 or later
2. Recompile any applications using matio
3. Restart affected services

🔧 Temporary Workarounds

Input validation (all platforms)

Validate MAT files before processing with matio library

Sandbox parsing (all platforms)

Run matio parsing in isolated containers or sandboxes

🧯 If You Can't Patch

  • Restrict access to MAT file parsing functionality to trusted sources only
  • Implement network segmentation to isolate systems using matio

🔍 How to Verify

Check if Vulnerable:

Check matio version with 'matio-config --version' or check library version in application dependencies

Check Version:

matio-config --version

Verify Fix Applied:

Verify matio version is 1.5.29 or later and test with known malicious MAT files
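
The version check above as a script. This is an added example, not code from the advisory or the matio project; it assumes matio's pkg-config file is installed for `pkg-config --modversion matio`, and the function names are hypothetical. A version string alone does not reveal fixes backported by a distribution.

```shell
#!/bin/sh
# Added example: compare a matio version string against the fixed release 1.5.29.

# Print the installed matio version, or return non-zero if it cannot be found.
matio_installed_version() {
    # Assumption: matio's pkg-config file (matio.pc) is installed.
    pkg-config --modversion matio 2>/dev/null && return 0
    # Command given in the advisory text.
    command -v matio-config >/dev/null 2>&1 && matio-config --version 2>/dev/null
}

# matio_is_fixed VERSION
# Returns 0 if VERSION >= 1.5.29, 1 if older (affected), 2 if unparseable.
matio_is_fixed() {
    # Keep only the first MAJOR.MINOR.PATCH triple; drops prefixes and
    # packaging suffixes such as "-1build2" (constructed sample suffix).
    core=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
    [ -n "$core" ] || return 2
    major=${core%%.*}
    rest=${core#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Compare field by field as integers: a string compare would rank
    # "1.5.3" above "1.5.29".
    if [ "$major" -ne 1 ]; then [ "$major" -gt 1 ]; return $?; fi
    if [ "$minor" -ne 5 ]; then [ "$minor" -gt 5 ]; return $?; fi
    [ "$patch" -ge 29 ]
}

# Report on the local installation.
report_matio() {
    ver=$(matio_installed_version) || ver=
    if [ -z "$ver" ]; then
        echo "matio version not found; check the application's bundled copy"
        return 0
    fi
    rc=0
    matio_is_fixed "$ver" || rc=$?
    case $rc in
        0) echo "matio $ver: at or above 1.5.29" ;;
        1) echo "matio $ver: affected, update to 1.5.29 or later" ;;
        *) echo "matio $ver: version string not understood" ;;
    esac
}

report_matio
```

Applications that statically link or vendor matio need the same comparison run against the version recorded in their own dependency manifest.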

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in application logs
  • Unexpected process termination of applications using matio

Network Indicators:

  • Unusual MAT file uploads to applications
  • Network traffic patterns indicating exploitation attempts

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "heap corruption") AND process="*matio*"
