Home > Vulnerability Database > CVE-2025-64096

Mend.io Vulnerability Database

CVE-2025-64096

Good to know:

Date: October 30, 2025

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prier to 1.4.2, there is a missing bounds check in Crypto_Key_update() (crypto_key_mgmt.c) which allows a remote attacker to trigger a stack-based buffer overflow by supplying a TLV packet with a spoofed length field. The function calculates the number of keys from an attacker-controlled field (pdu_len), which may exceed the static array size (kblk[98]), leading to an out-of-bounds write and potential memory corruption. This vulnerability is fixed in 1.4.2.

Severity Score

8.8

Related Resources (3)

Url: https://github.com/nasa/CryptoLib/security/advisories/GHSA-w6c3-pxvr-6m6j

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64096

Url: https://www.mend.io/vulnerability-database/CVE-2025-64096

Severity Score

8.8

Weakness Type (CWE)

Stack-based Buffer Overflow

CWE-121

Top Fix

Upgrade Version

Upgrade to version https://github.com/nasa/CryptoLib.git - v1.4.2

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64096

Good to know:

Date: October 30, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?