CVE-2025-66216: CWE-131: Incorrect Calculation of Buffer Size in jvde-github AIS-catcher
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.
AI Analysis
Technical Summary
CVE-2025-66216 identifies a critical heap buffer overflow vulnerability in the AIS-catcher software, a multi-platform AIS (Automatic Identification System) receiver widely used for maritime vessel tracking. The vulnerability stems from an incorrect calculation of buffer size in the AIS::Message class, classified under CWE-131 (Incorrect Calculation of Buffer Size). Specifically, the software allows writing approximately 1KB of arbitrary data into a buffer that is only 128 bytes in size, leading to a heap overflow condition. This type of vulnerability can enable remote attackers to overwrite adjacent memory, potentially leading to arbitrary code execution, memory corruption, or application crashes. The vulnerability is exploitable remotely without any authentication or user interaction, increasing its risk profile. The issue affects all versions of AIS-catcher prior to 0.64, with the vendor releasing a patch in version 0.64 to address the flaw. The CVSS 4.0 base score of 9.3 reflects the critical nature of this vulnerability, highlighting its high impact on confidentiality, integrity, and availability, combined with ease of exploitation. Although no known exploits have been reported in the wild yet, the severity and nature of the vulnerability make it a prime target for attackers, especially those interested in maritime infrastructure and data interception.
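The following added example (not AIS-catcher's code and not taken from its patch) illustrates the CWE-131 class with the advisory's numbers: a size check computed in the wrong unit next to a bounded append for a 128-byte buffer. The struct, the function names and the bits-versus-bytes miscalculation are assumptions chosen for illustration; the advisory does not show the faulty expression.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MSG_CAPACITY 128u  /* bytes: the buffer size the advisory states */
/* Hypothetical message buffer; not the layout of AIS::Message. */
struct msg {
    uint8_t data[MSG_CAPACITY];
    size_t  len;           /* bytes already stored */
};

/* Assumed CWE-131 instance: the limit is computed in bits (128 * 8 = 1024)
 * but compared with a byte count, so a 1024-byte write passes the check. */
static int flawed_fits(const struct msg *m, size_t n)
{
    return m->len + n <= MSG_CAPACITY * 8u;
}

/* Correct check: bytes on both sides, written as a subtraction so that
 * len + n cannot wrap around for a huge n. */
static int fits(const struct msg *m, size_t n)
{
    return m->len <= MSG_CAPACITY && n <= MSG_CAPACITY - m->len;
}

/* Bounded append: copy only if the whole chunk fits; on rejection the
 * message is left untouched and -1 is returned. */
static int msg_append(struct msg *m, const uint8_t *src, size_t n)
{
    if (m == NULL || src == NULL || !fits(m, n))
        return -1;
    memcpy(m->data + m->len, src, n);
    m->len += n;
    return 0;
}

/* Constructed input: 1024 bytes, then 100 + 28, then 1 more; returns bytes stored. */
static size_t demo(void)
{
    static const uint8_t chunk[1024] = {0};
    struct msg m = { {0}, 0 };
    msg_append(&m, chunk, sizeof chunk);  /* refused: 1024 > 128 */
    msg_append(&m, chunk, 100);           /* accepted */
    msg_append(&m, chunk, 28);            /* accepted, buffer now full */
    msg_append(&m, chunk, 1);             /* refused: no room left */
    return m.len;
}
int main(void) { return demo() == MSG_CAPACITY ? 0 : 1; }
```

Building code like this with AddressSanitizer (`-fsanitize=address`) during testing turns an out-of-bounds heap write into an immediate, located abort.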
Potential Impact
For European organizations, particularly those involved in maritime operations, port authorities, shipping companies, and coastal monitoring agencies, this vulnerability poses a significant risk. Exploitation could allow attackers to execute arbitrary code on systems running vulnerable AIS-catcher versions, potentially leading to unauthorized access, data manipulation, or disruption of AIS data reception. This could compromise maritime situational awareness, leading to safety hazards, economic losses, and national security concerns. The availability of AIS data is critical for navigation safety, collision avoidance, and regulatory compliance; thus, disruption could have cascading effects on maritime logistics and emergency response. Furthermore, attackers could leverage compromised systems as footholds for lateral movement within organizational networks. The lack of required authentication and user interaction lowers the barrier for exploitation, increasing the likelihood of attacks targeting European maritime infrastructure.
Mitigation Recommendations
The primary mitigation is to upgrade all AIS-catcher deployments to version 0.64 or later, where the vulnerability has been patched. Organizations should conduct an immediate inventory of AIS-catcher versions in use across their infrastructure to identify vulnerable instances. Network segmentation should be enforced to isolate AIS-catcher systems from critical internal networks to limit potential lateral movement in case of compromise. Implement strict input validation and monitoring on AIS data streams to detect anomalous or malformed messages that could trigger the overflow. Employ runtime exploit mitigations (e.g., ASLR, DEP) and enable logging and alerting on suspicious application behavior. Regularly review and update incident response plans to include scenarios involving maritime system compromises. Collaborate with maritime cybersecurity information sharing groups to stay informed about emerging threats and exploits related to AIS systems.
Affected Countries
United Kingdom, Netherlands, Germany, France, Italy, Spain, Belgium, Norway, Denmark, Greece
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-24T23:01:29.678Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 692a5c732a13ea799fd8c85e
Added to database: 11/29/2025, 2:37:39 AM
Last enriched: 11/29/2025, 2:52:41 AM
Last updated: 11/29/2025, 3:18:58 PM