CVE-2025-66216

9.8 CRITICAL

📋 TL;DR

A heap buffer overflow vulnerability in AIS-catcher allows attackers to write approximately 1KB of arbitrary data into a 128-byte buffer, potentially leading to remote code execution or denial of service. This affects all users running AIS-catcher versions prior to 0.64. The vulnerability is in the AIS::Message class and can be exploited by sending malicious AIS messages.

💻 Affected Systems

Products:
  • AIS-catcher
Versions: All versions prior to 0.64
Operating Systems: Linux, Windows, macOS, Raspberry Pi OS
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments processing AIS messages are vulnerable regardless of configuration. The vulnerability is in core message parsing functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with full system compromise, allowing an attacker to execute arbitrary code with the privileges of the AIS-catcher process.

🟠 Likely Case: Denial of service through an application crash, disrupting AIS data collection and monitoring.

🟢 If Mitigated: Limited impact if proper network segmentation and input validation are in place, though a malformed message reaching the vulnerable parser could still crash the process.

🌐 Internet-Facing: HIGH - AIS-catcher typically receives data from radio receivers or network sources, potentially exposing it to malicious AIS messages from various sources.
🏢 Internal Only: MEDIUM - Risk exists if AIS-catcher processes data from internal sources, though attack surface is more limited than internet-facing deployments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted AIS messages to the vulnerable application. No authentication is required as AIS-catcher processes incoming messages automatically.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.64

Vendor Advisory: https://github.com/jvde-github/AIS-catcher/security/advisories/GHSA-v53x-f5hh-g2g6

Restart Required: Yes

Instructions:

1. Stop the AIS-catcher service.
2. Download and install version 0.64 from the official GitHub repository.
3. Restart the AIS-catcher service.
4. Verify the installed version is 0.64 or higher.

🔧 Temporary Workarounds

Network Segmentation (platforms: all)

Isolate AIS-catcher from untrusted networks and implement strict firewall rules to limit the sources of AIS messages.

Input Validation Filter (platforms: all)

Deploy a network filter or proxy that validates AIS messages before they reach AIS-catcher.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate AIS-catcher from untrusted sources
  • Deploy intrusion detection/prevention systems to monitor for buffer overflow attempts

🔍 How to Verify

Check if Vulnerable:

Check the AIS-catcher version. If it's below 0.64, the system is vulnerable.

Check Version:

ais-catcher --version

Verify Fix Applied:

Verify the installed version is 0.64 or higher and monitor for crashes or abnormal behavior.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Segmentation faults
  • Memory access violation errors

Network Indicators:

  • Unusual AIS message patterns
  • Malformed AIS packets
  • Traffic from unexpected sources

SIEM Query:

source="ais-catcher" AND (event_type="crash" OR event_type="segfault" OR message="*buffer overflow*")
