CVE-2025-29909

Name of the Vulnerable Software and Affected Versions CryptoLib versions 1.3.3 and earlier

Description A heap buffer overflow vulnerability in CryptoLib's Crypto TC ApplySecurity() function allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). Any application or system that relies on CryptoLib for Telecommand (TC) processing and does not strictly validate incoming TC frames is at risk. This includes satellite ground stations or mission control software where attackers can inject malformed frames.

Recommendations For CryptoLib versions 1.3.3 and earlier, apply the patch available at commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc to fix the vulnerability. As a temporary workaround, consider disabling the Crypto TC ApplySecurity() function until a patch is available. Restrict access to the vulnerable Crypto TC ApplySecurity() function to minimize the risk of exploitation. Avoid using the Crypto TC ApplySecurity() function in the affected API endpoint until the issue is resolved.