CVE-2025-66217: CWE-122: Heap-based Buffer Overflow in jvde-github AIS-catcher
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.
AI Analysis
Technical Summary
CVE-2025-66217 is a heap-based buffer overflow vulnerability identified in the AIS-catcher software, a multi-platform AIS (Automatic Identification System) receiver widely used for maritime vessel tracking. The root cause is an integer underflow in the MQTT packet parsing logic, specifically in the handling of the Topic Length field. When AIS-catcher processes a malformed MQTT packet whose Topic Length claims more bytes than the packet contains, the length arithmetic underflows and the resulting value is used to size a heap buffer that is too small for the data subsequently written into it. The write then overflows the buffer and corrupts adjacent heap memory. The vulnerability can be triggered remotely, without authentication or user interaction, by anyone able to deliver a crafted MQTT packet to the receiver. The immediate consequence is a denial of service because the application crashes. More critically, when AIS-catcher is embedded as a library within other software, the heap corruption can be leveraged to achieve remote code execution (RCE), allowing attackers to run arbitrary code with the privileges of the hosting process. This elevates the risk from service disruption to full system compromise. The vulnerability affects all AIS-catcher versions prior to 0.64, and the issue is resolved in version 0.64. The CVSS 4.0 base score of 8.8 indicates a high-severity flaw with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. No exploits are currently reported in the wild, but the ease of exploitation and the potential impact warrant urgent remediation.
Potential Impact
For European organizations, the impact of CVE-2025-66217 is significant, especially for those involved in maritime operations, port authorities, shipping companies, and coastal monitoring agencies that rely on AIS-catcher for vessel tracking and situational awareness. A successful exploit could cause an immediate denial of service, disrupting critical maritime traffic monitoring and safety systems. More severe consequences arise if AIS-catcher is used as a library within other applications, where attackers could gain remote code execution, potentially compromising entire networks or critical infrastructure. This could lead to unauthorized access, data manipulation, or sabotage of maritime safety systems. Given Europe's extensive coastline, busy ports, and reliance on AIS data for navigation safety and regulatory compliance, the vulnerability poses a risk to operational continuity and maritime security. Disruption or compromise of AIS data could also have cascading effects on logistics, emergency response, and national security. Because exploitation requires neither authentication nor user interaction, remote attacks are feasible from anywhere with network access to the vulnerable system, which raises the threat level further.
Mitigation Recommendations
The primary mitigation is to upgrade AIS-catcher to version 0.64 or later, where the vulnerability has been patched. Organizations should immediately inventory their deployments to identify AIS-catcher instances and verify their versions. Where upgrading is not immediately feasible, network-level controls should restrict access to the MQTT services used by AIS-catcher, limiting exposure to untrusted networks. MQTT protocol validation and filtering (for example, rejecting packets whose Topic Length exceeds the packet's remaining length) can detect and block malformed packets before they reach the parser. Runtime protections such as heap memory integrity checks, address space layout randomization (ASLR), and control flow integrity (CFI) reduce the likelihood that a crash can be turned into code execution. Monitoring logs for unusual MQTT traffic patterns or repeated crashes of the receiver can provide early detection of attempted exploitation. Organizations embedding AIS-catcher as a library should review how the library is used and sandbox it to contain a potential compromise. Finally, maintaining an incident response plan tailored to maritime system disruptions will help limit operational impact if exploitation occurs.
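To make the bug class described in the technical summary and the packet-validation mitigation above concrete, the following C illustration is added here. It is not AIS-catcher's code and does not reproduce its parser; it models the generic pattern in which a two-byte big-endian Topic Length from an MQTT 3.1.1 PUBLISH body is subtracted from the remaining length without a bounds check. The `payload_len_unchecked` function shows the underflow in isolation (it only computes the length, it performs no copy), and `parse_publish_body` is the hardened form that validates every length against the bytes actually present. The two sample packet bodies are constructed for the example, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * MQTT 3.1.1 PUBLISH body (after the fixed header), QoS 0:
 *   2 bytes  big-endian Topic Length (N)
 *   N bytes  topic
 *   rest     payload = remaining_len - 2 - N bytes
 */

/* Unsafe length computation modelling the advisory's bug class (hypothetical,
 * not AIS-catcher's code). If the Topic Length field claims more bytes than the
 * packet holds, the size_t subtraction wraps and the "payload length" becomes
 * enormous; feeding that to an allocation or copy routine is the overflow. */
size_t payload_len_unchecked(size_t remaining_len, uint16_t topic_len) {
    return remaining_len - 2 - topic_len;   /* wraps on underflow */
}

/* Hardened parse. Returns 0 and fills the out-parameters on success,
 * -1 for a malformed body. Every length is checked before it is used. */
int parse_publish_body(const uint8_t *body, size_t remaining_len,
                       const uint8_t **topic, size_t *topic_len,
                       const uint8_t **payload, size_t *payload_len) {
    if (body == NULL || remaining_len < 2)
        return -1;                                   /* no room for the length field */
    uint16_t tl = (uint16_t)((body[0] << 8) | body[1]);
    if (tl == 0)
        return -1;                                   /* MQTT requires a non-empty topic */
    if ((size_t)tl > remaining_len - 2)
        return -1;                                   /* the underflow case, rejected */
    *topic = body + 2;
    *topic_len = tl;
    *payload = body + 2 + tl;
    *payload_len = remaining_len - 2 - tl;           /* cannot wrap after the check */
    return 0;
}

/* Constructed sample bodies (not captured traffic). */
static const uint8_t GOOD_BODY[] = {
    0x00, 0x08, 'a', 'i', 's', '/', 'n', 'm', 'e', 'a',   /* topic "ais/nmea" */
    '!', 'A', 'I', 'V', 'D'                               /* 5-byte payload    */
};
static const uint8_t BAD_BODY[] = {
    0xFF, 0xFF, 'a', 'i', 's', '/', 'n', 'm', 'e', 'a'    /* claims 65535-byte topic */
};

/* Convenience wrapper: parsed payload length, or -1 if the body was rejected. */
long parsed_payload_len(const uint8_t *body, size_t n) {
    const uint8_t *t, *p;
    size_t tl, pl;
    if (parse_publish_body(body, n, &t, &tl, &p, &pl) != 0)
        return -1;
    return (long)pl;
}

int main(void) {
    printf("good body: payload length %ld\n",
           parsed_payload_len(GOOD_BODY, sizeof GOOD_BODY));
    printf("bad body : parser result  %ld\n",
           parsed_payload_len(BAD_BODY, sizeof BAD_BODY));
    printf("bad body : unchecked arithmetic yields %zu bytes\n",
           payload_len_unchecked(sizeof BAD_BODY, 0xFFFF));
    return 0;
}
```

The check `tl > remaining_len - 2` is the whole fix: it is evaluated only after `remaining_len >= 2` has been established, so the subtraction itself cannot wrap, and any Topic Length larger than the bytes on the wire is rejected before it can size a buffer. The same comparison is what an upstream MQTT filter should apply to PUBLISH packets before forwarding them to a receiver that cannot yet be upgraded.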
Affected Countries
Netherlands, Germany, United Kingdom, France, Italy, Spain, Belgium, Denmark, Sweden, Norway
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-24T23:01:29.678Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692a5c732a13ea799fd8c862
Added to database: 11/29/2025, 2:37:39 AM
Last enriched: 12/6/2025, 4:34:16 AM
Last updated: 1/13/2026, 5:42:44 PM
Views: 106