CVE-2025-66045 is a stack-based buffer overflow vulnerability identified in version 3.9.1 of libbiosig, a library developed by The Biosig Project for biosignal processing. The vulnerability resides specifically in the MFER (Medical File Exchange Record) parsing functionality when processing files containing Tag 65. An attacker can exploit this flaw by crafting a malicious MFER file designed to overflow the stack buffer, leading to arbitrary code execution. The vulnerability does not require any privileges or user interaction, making remote exploitation feasible if the library processes untrusted MFER files. The CVSS v3.1 score of 9.8 reflects the critical nature of this vulnerability, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact spans confidentiality, integrity, and availability, as arbitrary code execution can lead to full system compromise. No patches have been linked yet, and no known exploits are reported in the wild, but the vulnerability is publicly disclosed and should be treated as urgent. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow, a well-known and highly exploitable class of vulnerabilities.

For European organizations, the impact of CVE-2025-66045 can be severe, especially those involved in healthcare, biomedical research, and industries utilizing biosignal processing where libbiosig is integrated. Exploitation could lead to unauthorized system control, data breaches involving sensitive medical or biometric data, disruption of critical healthcare services, and potential compliance violations under GDPR due to data confidentiality breaches. The ability to execute arbitrary code remotely without authentication increases the risk of widespread exploitation, potentially affecting interconnected healthcare networks and research institutions. The disruption could extend to availability impacts if systems are taken offline or manipulated. Given the criticality and the nature of the affected software, the threat could also undermine trust in medical device software and biosignal analysis tools used across Europe.

1. Immediately audit all systems and applications using libbiosig 3.9.1, especially those processing MFER files. 2. Restrict or block untrusted or unauthenticated MFER file inputs to vulnerable systems to prevent exploitation. 3. Employ runtime protections such as stack canaries, ASLR (Address Space Layout Randomization), and DEP (Data Execution Prevention) to mitigate exploitation impact. 4. Monitor logs and network traffic for unusual activity related to MFER file processing or unexpected process behaviors. 5. If possible, isolate systems handling MFER files to limit lateral movement in case of compromise. 6. Engage with The Biosig Project or relevant vendors for patches or updates and apply them promptly once available. 7. Consider implementing application-layer whitelisting or sandboxing for processes handling MFER files. 8. Conduct security awareness training for staff handling biosignal data to recognize suspicious files or behaviors. 9. Prepare incident response plans specific to potential exploitation scenarios involving libbiosig.