CVE-2025-66046: CWE-121: Stack-based Buffer Overflow in The Biosig Project libbiosig
Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 67
AI Analysis
Technical Summary
CVE-2025-66046 identifies a critical stack-based buffer overflow vulnerability in The Biosig Project's libbiosig library, version 3.9.1. The vulnerability resides in the MFER (Multi-Format Electroencephalogram) file parsing functionality, specifically triggered when processing Tag 67 within these files. An attacker can craft a malicious MFER file that exploits this buffer overflow to overwrite the stack, enabling arbitrary code execution. This type of vulnerability is classified under CWE-121, indicating improper handling of memory buffers on the stack. The exploit requires no privileges or user interaction, and can be triggered remotely if the application processes untrusted MFER files. The CVSS v3.1 base score of 9.8 reflects the ease of exploitation (low attack complexity), no required privileges, and the severe impact on confidentiality, integrity, and availability. Although no public exploits are currently known, the vulnerability poses a significant risk to any software or systems that utilize libbiosig 3.9.1 for biometric signal processing, particularly in medical, research, or security domains. The lack of available patches at the time of disclosure necessitates immediate defensive measures to prevent exploitation.
Potential Impact
The vulnerability allows attackers to execute arbitrary code remotely without authentication, potentially leading to full system compromise. For European organizations, especially those in healthcare, biometric research, and security sectors that rely on libbiosig for processing biosignal data, this could result in unauthorized access to sensitive personal and medical data, disruption of critical services, and loss of data integrity. The critical nature of the flaw means attackers could deploy malware, ransomware, or use compromised systems as footholds for lateral movement within networks. Given the widespread adoption of biometric technologies in Europe, exploitation could undermine trust in biometric authentication systems and cause regulatory compliance issues under GDPR due to data breaches. The absence of known exploits currently provides a window for mitigation, but the high severity demands urgent attention to prevent potential attacks.
Mitigation Recommendations
1. Immediately audit all systems and applications that utilize libbiosig 3.9.1 to identify exposure to MFER file parsing.
2. Implement strict input validation and sanitization for all MFER files, especially scrutinizing Tag 67 data fields to prevent malformed inputs from triggering the overflow.
3. Employ application-layer sandboxing or isolation techniques to limit the impact of potential exploitation.
4. Monitor logs and network traffic for unusual activity related to libbiosig processes or unexpected MFER file handling.
5. Engage with The Biosig Project and relevant vendors to obtain patches or updates as soon as they become available and prioritize their deployment.
6. Consider temporarily disabling or restricting the processing of MFER files from untrusted sources until patches are applied.
7. Incorporate runtime application self-protection (RASP) or exploit mitigation technologies such as stack canaries, DEP, and ASLR if not already enabled.
8. Educate developers and system administrators about this vulnerability to ensure awareness and prompt response.
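One way to apply recommendations 2 and 6 before a file reaches libbiosig, as an added example (not code from The Biosig Project or the advisory): a bounds-checked pre-scan that rejects files whose Tag 67 frame declares more bytes than an operator-chosen limit. The framing rules in the comment, the function and constant names, and the limit value are assumptions; the page does not give the affected buffer size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not libbiosig code. Assumed MFER framing: one tag byte, then
 * a length byte; if its high bit is set, the low 7 bits count the big-endian
 * length bytes that follow. Tag 63 carries a channel number (7-bit groups)
 * before its length and nests further frames, so its body is walked. */
enum { MFER_OK = 0, MFER_MALFORMED = -1, MFER_TAG67_TOO_LONG = -2 };

int mfer_prefilter(const uint8_t *p, size_t n, uint32_t tag67_limit)
{
    size_t i = 0;
    while (i < n) {
        uint8_t tag = p[i++];
        if (tag == 63) {                        /* skip the channel number */
            uint8_t b;
            do {
                if (i >= n) return MFER_MALFORMED;
                b = p[i++];
            } while (b & 0x80);
        }
        if (i >= n) return MFER_MALFORMED;      /* tag with no length byte */
        uint32_t len = p[i++];
        if (len & 0x80) {                       /* long-form length */
            unsigned cnt = len & 0x7f;
            if (cnt > 4 || cnt > n - i) return MFER_MALFORMED;
            for (len = 0; cnt > 0; cnt--)
                len = (len << 8) | p[i++];
        }
        if (tag == 67 && len > tag67_limit) return MFER_TAG67_TOO_LONG;
        if (tag == 63) continue;                /* nested frames follow */
        if (len > n - i) return MFER_MALFORMED; /* value runs past the file */
        i += len;
    }
    return MFER_OK;
}

/* Constructed sample inputs, not real recordings. */
static const uint8_t sample_ok[]     = { 0x01, 0x01, 0x00, 0x43, 0x02, 0x00, 0x10, 0x80, 0x00 };
static const uint8_t sample_long[]   = { 0x43, 0x82, 0x01, 0x00 };
static const uint8_t sample_nested[] = { 0x3F, 0x00, 0x06, 0x43, 0x81, 0x40 };
static const uint8_t sample_trunc[]  = { 0x01, 0x05, 0xAA };

int main(void)
{
    printf("%d\n", mfer_prefilter(sample_ok, sizeof sample_ok, 2)); /* limit 2 is a demo policy */
    return 0;
}
```

Any nonzero result should route the file to quarantine rather than to the parser; set `tag67_limit` from the patched library or vendor guidance once available.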
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: talos
- Date Reserved: 2025-11-21T10:23:41.665Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 693afaa97d4c6f31f7bae1e5
Added to database: 12/11/2025, 5:08:57 PM
Last enriched: 12/11/2025, 5:24:21 PM
Last updated: 12/11/2025, 11:16:13 PM