CVE-2025-54878

8.6 HIGH

📋 TL;DR

A heap buffer overflow in NASA CryptoLib 1.4.0 and earlier lets an attacker who can deliver specially crafted telecommand (TC) frames corrupt heap memory in the process that runs CryptoLib. It affects spacecraft and ground systems that secure their TC link with the SDLS-EP protocol through a vulnerable CryptoLib build. The most likely outcome is a crash of that process (denial of service); because the corruption happens in native C code, escalation to more severe consequences cannot be ruled out.

💻 Affected Systems

Products:
  • NASA CryptoLib
Versions: 1.4.0 and prior
Operating Systems: All platforms running cFS with CryptoLib
Default Config Vulnerable: ⚠️ Yes
Notes: Affects spacecraft using cFS with CryptoLib for SDLS-EP secured communications

📦 What is this software?

NASA CryptoLib is NASA's open-source C library implementing the CCSDS Space Data Link Security (SDLS) protocol and its Extended Procedures (SDLS-EP) for telecommand and telemetry frames. It is built into flight software based on NASA's core Flight System (cFS) and into the matching ground software so that both ends of the link can authenticate, encrypt and decrypt frames.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Heap corruption escalated to code execution in the process that runs CryptoLib, giving the attacker control of the SDLS-EP endpoint and therefore of the command link it protects, with forged commands or a persistent foothold as possible follow-on effects.

🟠 Likely Case

Crash of the cFS or ground process that handles the crafted frame, disrupting spacecraft-to-ground-station communications until it is restarted.

🟢 If Mitigated

Limited impact where the uplink path is segmented from untrusted networks and frames are structurally validated before they reach CryptoLib.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the ability to deliver telecommand frames to a system that processes them with a vulnerable CryptoLib, for example through the uplink path or from a compromised host in the ground segment; no proof of concept has been published.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: a fixed release later than 1.4.0, as identified in the vendor advisory (1.4.0 itself is vulnerable)

Vendor Advisory: https://github.com/nasa/CryptoLib/security/advisories/GHSA-9qph-pxfm-q9g4

Restart Required: Yes

Instructions:

1. Obtain a fixed CryptoLib release (later than 1.4.0) from GitHub
2. Replace vulnerable CryptoLib installation
3. Rebuild and redeploy affected cFS applications
4. Restart spacecraft communications services

🔧 Temporary Workarounds

Input Validation Filter

all

Validate the structure of each telecommand frame at the ground-side ingress before it is handed to CryptoLib: the declared frame length must match the octets actually received, the SPI must map to a configured security association, and the security header and trailer that association implies must fit inside the frame. Frames that fail are dropped and logged, so they never reach the vulnerable processing path.
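As an added example (not CryptoLib's code and not from the advisory), the pre-filter below parses the CCSDS TC primary header and the SDLS security header and rejects a frame before it reaches SDLS processing when the declared length disagrees with the octets received, the SPI has no security association, the association's IV length would overrun a fixed IV buffer, or the association's header and trailer do not fit inside the frame. The SA descriptor, the 16-octet IV buffer, the sample SA table and frame, and all function and constant names are this example's own assumptions; it goes slightly beyond the workaround text by also bounding the SA-supplied IV length before it is used as a copy size, which is the same kind of check IV setup must make.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not CryptoLib code: a structural pre-check for CCSDS TC transfer
 * frames carrying an SDLS security header (CCSDS 232.0-B primary header; CCSDS
 * 355.0-B header = SPI, IV, sequence number, pad length; trailer = MAC). The SA
 * table format and every name below are this example's own assumptions. */

#define TC_PRIMARY_HDR_LEN 5u
#define TC_MAX_FRAME_LEN   1024u  /* 10-bit length field holds (octets - 1) */
#define SDLS_SPI_LEN       2u
#define TC_FECF_LEN        2u
#define IV_MAX_LEN         16u    /* fixed buffer the frame's IV is copied into */

typedef struct { uint16_t spi; uint8_t iv_len, arsn_len, pad_len, mac_len; } sa_entry_t;

typedef enum {
    TC_OK = 0,
    TC_ERR_TOO_SHORT,       /* fewer octets than a primary header */
    TC_ERR_BAD_VERSION,     /* transfer frame version number must be 0 */
    TC_ERR_LEN_MISMATCH,    /* declared length differs from octets received */
    TC_ERR_UNKNOWN_SPI,     /* no SA configured for this SPI */
    TC_ERR_IV_TOO_LONG,     /* SA's IV length exceeds the fixed IV buffer */
    TC_ERR_SEC_HDR_OVERRUN  /* SA-defined header + trailer do not fit the frame */
} tc_status_t;

typedef struct {
    uint16_t scid, frame_len, spi, user_data_offset, user_data_len;
    uint8_t  vcid, iv_len, iv[IV_MAX_LEN];
} tc_precheck_t;

static const sa_entry_t *lookup_sa(const sa_entry_t *tab, size_t n, uint16_t spi)
{
    for (size_t i = 0; i < n; i++) if (tab[i].spi == spi) return &tab[i];
    return NULL;
}

/* Validate one received frame before it reaches the SDLS processing code.
 * has_fecf: whether the link appends a 2-octet Frame Error Control Field. */
tc_status_t tc_frame_precheck(const uint8_t *buf, size_t len, int has_fecf,
                              const sa_entry_t *sa_tab, size_t n_sa, tc_precheck_t *out)
{
    memset(out, 0, sizeof *out);
    if (len < TC_PRIMARY_HDR_LEN) return TC_ERR_TOO_SHORT;
    if ((buf[0] >> 6) != 0)       return TC_ERR_BAD_VERSION;
    out->scid      = (uint16_t)(((buf[0] & 0x03u) << 8) | buf[1]);
    out->vcid      = (uint8_t)(buf[2] >> 2);
    out->frame_len = (uint16_t)((((buf[2] & 0x03u) << 8) | buf[3]) + 1u);
    /* Only the octet count actually received may be used for indexing. */
    if (out->frame_len != len || len > TC_MAX_FRAME_LEN) return TC_ERR_LEN_MISMATCH;
    size_t pos = TC_PRIMARY_HDR_LEN;
    if (len < pos + SDLS_SPI_LEN) return TC_ERR_SEC_HDR_OVERRUN;
    out->spi = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    pos += SDLS_SPI_LEN;
    const sa_entry_t *sa = lookup_sa(sa_tab, n_sa, out->spi);
    if (!sa) return TC_ERR_UNKNOWN_SPI;
    /* The IV length comes from the SA, not the frame: bound it before it is
     * ever used as a copy size into a fixed-size buffer. */
    if (sa->iv_len > IV_MAX_LEN) return TC_ERR_IV_TOO_LONG;
    size_t hdr     = (size_t)sa->iv_len + sa->arsn_len + sa->pad_len;
    size_t trailer = (size_t)sa->mac_len + (has_fecf ? TC_FECF_LEN : 0u);
    if (pos + hdr + trailer > len) return TC_ERR_SEC_HDR_OVERRUN;
    memcpy(out->iv, buf + pos, sa->iv_len);   /* safe: iv_len <= IV_MAX_LEN */
    out->iv_len           = sa->iv_len;
    out->user_data_offset = (uint16_t)(pos + hdr);
    out->user_data_len    = (uint16_t)(len - pos - hdr - trailer);
    return TC_OK;
}

/* Constructed SA table for the demo (not a real configuration). */
static const sa_entry_t SAMPLE_SA_TABLE[] = {
    { 0x0001, 12, 0, 1, 16 },  /* 12-octet IV, 1-octet pad length, 16-octet MAC */
    { 0x0002, 32, 0, 0, 0  },  /* misconfigured: IV longer than the fixed buffer */
    { 0x0003, 16, 2, 1, 16 },  /* header + trailer cannot fit a 40-octet frame */
};
#define SAMPLE_SA_COUNT (sizeof SAMPLE_SA_TABLE / sizeof SAMPLE_SA_TABLE[0])

/* Constructed 40-octet frame (test data, not a captured uplink): SCID 0x2AB, VCID 1,
 * length field 39, sequence 7, SPI 1, 12-octet IV, pad length, 4 data octets, MAC. */
static const uint8_t SAMPLE_FRAME[40] = {
    0x02, 0xAB, 0x04, 0x27, 0x07, 0x00, 0x01,
    0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xAA, 0xAB,
    0x00, 0xDE, 0xAD, 0xBE, 0xEF,
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};

int main(void)
{
    tc_precheck_t r;
    uint8_t f[sizeof SAMPLE_FRAME];
    memcpy(f, SAMPLE_FRAME, sizeof f);
    printf("intact frame:     %d\n", tc_frame_precheck(f, sizeof f, 0, SAMPLE_SA_TABLE, SAMPLE_SA_COUNT, &r));
    printf("truncated to 30:  %d\n", tc_frame_precheck(f, 30, 0, SAMPLE_SA_TABLE, SAMPLE_SA_COUNT, &r));
    f[6] = 0x02;  /* re-point the frame at the SA whose IV exceeds the fixed buffer */
    printf("oversized IV SA:  %d\n", tc_frame_precheck(f, sizeof f, 0, SAMPLE_SA_TABLE, SAMPLE_SA_COUNT, &r));
    return 0;
}
```

Run on a ground-side ingress host, a filter like this keeps malformed frames off the vulnerable code path; it does not replace the patch, and a frame that passes it can still be malformed in ways the filter does not model.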

Memory Protection

linux

Enable ASLR and the other memory protections the host offers. This raises the cost of turning the heap corruption into code execution but does not prevent the overflow or the crash it causes, and it is generally unavailable on embedded flight targets; it is not a substitute for the patch. The sysctl below takes effect immediately but does not persist across reboots.

sysctl -w kernel.randomize_va_space=2

🧯 If You Can't Patch

  • Segment the uplink and ground-segment networks strictly so that only the ground station's command path can deliver telecommand frames to systems running CryptoLib
  • Monitor telecommand traffic for malformed or unusually sized frames and for repeated frame-processing errors, and alert on them

🔍 How to Verify

Check if Vulnerable:

Identify the CryptoLib version linked into your cFS or ground build; any version 1.4.0 or earlier is vulnerable.

Check Version:

Check the git tag or commit of the CryptoLib source pulled into your build, or the version recorded in your build configuration.

Verify Fix Applied:

Confirm the deployed CryptoLib is a fixed release later than 1.4.0 and, if you build from source, that the IV setup in the telecommand processing path checks the IV length against the destination buffer before copying.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in cFS/CryptoLib processes
  • Memory corruption errors in system logs
  • Abnormal telecommand frame processing errors

Network Indicators:

  • Unusually large or malformed telecommand frames
  • Repeated delivery of crafted frames from a single source

SIEM Query:

(source="*cfs*" OR source="*cryptolib*") AND (error OR crash OR "heap corruption" OR "buffer overflow")

The parentheses around the source clause are required: without them AND binds more tightly than OR, so the query would return every event from a cfs source regardless of the error terms.

🔗 References

  • Vendor advisory: https://github.com/nasa/CryptoLib/security/advisories/GHSA-9qph-pxfm-q9g4
  • Project repository: https://github.com/nasa/CryptoLib
