PT-2025-32586 · Cryptolib · Cryptolib

Stephanhav · Published 2025-08-11 · Updated 2025-09-10 · CVE-2025-54878

CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.4.0 and earlier
Description: CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow exists in the Initialization Vector (IV) setup logic for telecommand frames due to missing bounds checks when copying the IV into a newly allocated buffer. An attacker can supply a crafted TC frame, potentially corrupting heap memory and leading to undefined behavior, which may manifest as a denial of service or more severe exploitation.
Recommendations: CryptoLib versions prior to 1.4.0 are affected. Update to CryptoLib version 1.4.0 or later.
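As an added illustration of the defect class the description names, and not CryptoLib's own code or the real SDLS-EP frame layout: a frame-supplied IV length is copied into a fixed-size heap slot without a check, shown beside a bounds-checked replacement that validates the length against both the allocation and the bytes actually present in the frame. The 12-byte slot, the one-byte length prefix, the struct and function names and the return codes are all assumptions made for this example.

```c
/* Constructed example: a heap IV slot filled from a frame-supplied length.
 * Not CryptoLib code; layout, names and sizes are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IV_SLOT_LEN 12   /* assumed size of the allocated IV slot */

/* Assumed minimal frame: one length byte followed by iv_len bytes of IV. */
struct tc_frame {
    const uint8_t *data;
    size_t len;
};

/* Vulnerable shape (shown for contrast, never called below): the copy length
 * is taken from the frame and never compared with the IV_SLOT_LEN bytes that
 * were allocated, so an oversized length writes past the heap block. */
uint8_t *iv_setup_unchecked(const struct tc_frame *f)
{
    size_t iv_len = f->data[0];
    uint8_t *iv = malloc(IV_SLOT_LEN);
    if (iv == NULL)
        return NULL;
    memcpy(iv, f->data + 1, iv_len);   /* overflow when iv_len > IV_SLOT_LEN */
    return iv;
}

/* Hardened shape: reject the frame before touching memory if the declared
 * IV length exceeds the slot or the frame does not actually carry it.
 * Returns 0 on success; negative codes (assumed values) on rejection. */
int iv_setup_checked(const struct tc_frame *f, uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (f == NULL || f->data == NULL || f->len < 1)
        return -1;                             /* no length byte */
    size_t iv_len = f->data[0];
    if (iv_len == 0 || iv_len > IV_SLOT_LEN)
        return -2;                             /* would overflow the slot */
    if (iv_len > f->len - 1)
        return -3;                             /* frame is truncated */
    uint8_t *iv = calloc(IV_SLOT_LEN, 1);      /* zero-filled, fixed size */
    if (iv == NULL)
        return -4;
    memcpy(iv, f->data + 1, iv_len);           /* bounded by the checks above */
    *out = iv;
    *out_len = iv_len;
    return 0;
}

/* Helper: run the checked setup over raw bytes and return its code. */
static int run_case(const uint8_t *bytes, size_t n, size_t *got_len)
{
    struct tc_frame f = { bytes, n };
    uint8_t *iv = NULL;
    int rc = iv_setup_checked(&f, &iv, got_len);
    free(iv);
    return rc;
}

/* Constructed frames: a valid 12-byte IV, one claiming 200 IV bytes, and
 * one whose declared length exceeds the bytes present. Each returns 1 when
 * the checked setup behaves as intended. */
int example_valid(void)
{
    static const uint8_t b[13] = { 12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
    size_t l = 0;
    return run_case(b, sizeof b, &l) == 0 && l == 12;
}

int example_oversize(void)
{
    uint8_t b[201];
    memset(b, 0x41, sizeof b);
    b[0] = 200;                                /* far larger than the slot */
    size_t l = 0;
    return run_case(b, sizeof b, &l) == -2;
}

int example_truncated(void)
{
    static const uint8_t b[5] = { 8, 1, 2, 3, 4 };  /* claims 8, carries 4 */
    size_t l = 0;
    return run_case(b, sizeof b, &l) == -3;
}

int main(void)
{
    printf("valid=%d oversize=%d truncated=%d\n",
           example_valid(), example_oversize(), example_truncated());
    return 0;
}
```

The hardened version checks the declared length twice: once against the allocation (the overflow the advisory describes) and once against the frame's remaining bytes (an over-read in the other direction), and it never allocates until both pass, so a rejected frame leaves no heap state behind.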

Exploit · Fix · DoS · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2025-54878, GHSA-9QPH-PXFM-Q9G4

Affected Products: Cryptolib