The Biosig Project Multiple Critical Vulnerabilities - 20250826002
Overview
The WASOC has been made aware of a stack-based buffer overflow vulnerability that exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
What is vulnerable?
Product(s) Affected | Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
The Biosig Project libbiosig | The Biosig Project libbiosig 3.9.0, The Biosig Project libbiosig Master Branch (35a819fa) | CVE-2025-54489, CVE-2025-54484, CVE-2025-54494, CVE-2025-54492, CVE-2025-54483, CVE-2025-54487, CVE-2025-54493, CVE-2025-54490, CVE-2025-54491, CVE-2025-54480, CVE-2025-54482, CVE-2025-54486, CVE-2025-54485, CVE-2025-54481, CVE-2025-54488 | 9.8 | Critical |
What has been observed?
The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer to Patch Management):
Additional References
- TalosIntelligence: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234