CVE-2025-66217: CWE-122: Heap-based Buffer Overflow in jvde-github AIS-catcher
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.
AI Analysis
Technical Summary
CVE-2025-66217 is a heap-based buffer overflow (CWE-122) in AIS-catcher, a multi-platform AIS (Automatic Identification System) receiver used for maritime vessel tracking and related applications. The root cause is an integer underflow in the MQTT packet parsing logic of versions before 0.64. When the parser handles the Topic Length field of a malformed MQTT packet, a length derived from that field wraps below zero; because the arithmetic is unsigned, the result is far larger than the data actually present, and the subsequent copy or read overruns the heap buffer and corrupts adjacent memory. The advisory does not name the exact expression that wraps, but the pattern is the classic one of subtracting a header-supplied length from a remaining-length counter without first checking that the former fits within the latter. The immediate consequence is a crash of the receiver, i.e. denial of service. When AIS-catcher is embedded as a library in another process, the same memory corruption is the primitive the advisory says could be leveraged for remote code execution; note that this is the description's assessment of the corruption, not a published exploit. The vulnerability is reachable over the network because the malformed data arrives in an MQTT packet, and the CVSS 4.0 vector assumes no privileges and no user interaction. The issue is fixed in AIS-catcher 0.64. The CVSS 4.0 base score of 8.8 reflects high impact on confidentiality, integrity and availability combined with low attack complexity. No public exploit has been reported at the time of writing, but the severity warrants prompt attention from users of affected versions.
Potential Impact
For European organizations, the impact of CVE-2025-66217 can be significant, especially those involved in maritime operations, port authorities, shipping companies, and IoT infrastructure relying on AIS-catcher for vessel tracking or situational awareness. A successful exploitation can cause service outages due to DoS, disrupting critical maritime traffic monitoring and safety systems. More alarmingly, if AIS-catcher is integrated as a library in other software, attackers could gain remote code execution capabilities, potentially leading to full system compromise, data breaches, or manipulation of AIS data streams. This could affect operational integrity, safety, and regulatory compliance. The maritime sector in Europe is vital for trade and security, so disruptions or compromises could have cascading effects on supply chains and national security. Additionally, organizations using MQTT-based IoT deployments that incorporate AIS-catcher may face risks of lateral movement or persistent threats if exploited. The lack of authentication and user interaction requirements increases the likelihood of exploitation in exposed network environments.
Mitigation Recommendations
European organizations should upgrade AIS-catcher to version 0.64 or later; confirm the installed version on every host rather than assuming a fleet is uniform. Where upgrading is not immediately feasible, reduce exposure at the network level: the description does not state which MQTT peer delivers the malformed packet, so treat both the broker AIS-catcher is configured to talk to and any MQTT endpoint it exposes as untrusted input, and restrict them to known hosts over authenticated, TLS-protected connections. Use network segmentation to keep AIS-catcher instances off untrusted networks, and where an MQTT-aware proxy or IDS/IPS is in the path, have it reject PUBLISH packets whose Topic Length exceeds the packet's Remaining Length, which is the malformed shape the advisory describes. Monitor for unexpected crashes or restarts of the AIS-catcher process and for MQTT protocol anomalies on the wire. Software that embeds AIS-catcher as a library should be audited and tested with the same malformed inputs, since a crash that is merely an outage for the standalone receiver becomes memory corruption inside the host process. Exploit mitigations such as ASLR and DEP/NX on the host raise the cost of turning the corruption into code execution but do not prevent the crash, so they complement rather than replace the upgrade. Finally, make sure incident response plans cover both the DoS and the RCE scenario for this component.
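The length arithmetic described in the technical summary, and the Topic Length check recommended above for a pre-filter, in one added example. This is illustrative C written for this page, not AIS-catcher's code: `naive_payload_len` reconstructs the class of bug the advisory describes (the exact expression in AIS-catcher is not on the page), `parse_publish` is a bounds-checked MQTT 3.1.1 PUBLISH parser that rejects the malformed shape before any copy, and the two packets are constructed by hand, not captured traffic.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decode the MQTT "Remaining Length" varint (1..4 bytes).
 * Returns bytes consumed, or 0 if the encoding is truncated or too long. */
static size_t decode_remaining_length(const uint8_t *buf, size_t len, uint32_t *out)
{
    uint32_t value = 0, mult = 1;
    size_t i = 0;
    for (;;) {
        if (i >= len || i >= 4) return 0;
        uint8_t b = buf[i++];
        value += (uint32_t)(b & 0x7F) * mult;
        mult *= 128;
        if (!(b & 0x80)) break;
    }
    *out = value;
    return i;
}

/* The bug class from the advisory reduced to its arithmetic (illustrative, not AIS-catcher's
 * code): the payload length is derived by subtracting the 2-byte length prefix and the
 * attacker-controlled Topic Length from the Remaining Length without first checking that the
 * topic fits. Unsigned arithmetic wraps to a huge value, and a copy of that many bytes would
 * overrun the heap buffer. This function only computes the value; it never copies. */
size_t naive_payload_len(uint32_t remaining, uint16_t topic_len)
{
    return (size_t)remaining - 2 - topic_len;
}

typedef struct {
    const uint8_t *topic;
    size_t topic_len;
    const uint8_t *payload;
    size_t payload_len;
} mqtt_publish_t;

/* Bounds-checked PUBLISH parser. Returns 0 on success, a negative code on malformed input,
 * and never reads past buf + len. The check at -7 is the one that closes the underflow. */
int parse_publish(const uint8_t *buf, size_t len, mqtt_publish_t *out)
{
    if (len < 2) return -1;
    if ((buf[0] & 0xF0) != 0x30) return -2;              /* not a PUBLISH packet */
    uint8_t qos = (buf[0] >> 1) & 0x03;
    if (qos == 3) return -3;                              /* reserved QoS value */

    uint32_t remaining;
    size_t hdr = 1 + decode_remaining_length(buf + 1, len - 1, &remaining);
    if (hdr == 1) return -4;                              /* bad Remaining Length varint */
    if (remaining > len - hdr) return -5;                 /* packet shorter than it claims */

    const uint8_t *p = buf + hdr;
    size_t avail = remaining;                             /* bytes actually present */
    if (avail < 2) return -6;
    uint16_t topic_len = (uint16_t)((p[0] << 8) | p[1]);
    p += 2; avail -= 2;
    if (topic_len > avail) return -7;                     /* Topic Length exceeds packet: reject */
    out->topic = p; out->topic_len = topic_len;
    p += topic_len; avail -= topic_len;

    if (qos > 0) {                                        /* QoS 1/2 carry a packet identifier */
        if (avail < 2) return -8;
        p += 2; avail -= 2;
    }
    out->payload = p; out->payload_len = avail;           /* cannot wrap: avail >= 0 by construction */
    return 0;
}

/* Constructed sample packets (hand-built for this example, not captured traffic). */
/* Well-formed PUBLISH, QoS 0: Remaining Length 16 = 2 + topic "ais/nmea" (8) + payload (6). */
const uint8_t GOOD_PUBLISH[] = {
    0x30, 0x10, 0x00, 0x08, 'a','i','s','/','n','m','e','a', '!','A','I','V','D','M' };
/* Malformed PUBLISH: Remaining Length says 5 bytes follow, Topic Length claims 0xFFFF. */
const uint8_t BAD_PUBLISH[] = { 0x30, 0x05, 0xFF, 0xFF, 'a', 'b', 'c' };

/* Small wrappers so the result of each parse is a plain return value. */
int demo_result(const uint8_t *pkt, size_t len)
{
    mqtt_publish_t pub;
    return parse_publish(pkt, len, &pub);
}

size_t demo_payload_len(const uint8_t *pkt, size_t len)
{
    mqtt_publish_t pub;
    return parse_publish(pkt, len, &pub) == 0 ? pub.payload_len : 0;
}

int main(void)
{
    printf("naive payload length for the malformed packet: %zu bytes\n",
           naive_payload_len(5, 0xFFFF));                 /* wrapped: astronomically large */
    printf("hardened parser, good packet: %d (payload %zu bytes)\n",
           demo_result(GOOD_PUBLISH, sizeof GOOD_PUBLISH),
           demo_payload_len(GOOD_PUBLISH, sizeof GOOD_PUBLISH));
    printf("hardened parser, bad packet:  %d\n",
           demo_result(BAD_PUBLISH, sizeof BAD_PUBLISH)); /* -7: rejected before any copy */
    return 0;
}
```

The same `parse_publish` check (Topic Length must not exceed the bytes remaining after the 2-byte prefix) is what an MQTT-aware proxy or IDS rule should apply to PUBLISH frames in front of an unpatched receiver; rejecting at -5 also catches packets that are truncated relative to their own Remaining Length.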
Affected Countries
Germany, Netherlands, Belgium, France, United Kingdom, Italy, Spain, Norway, Sweden, Denmark
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-24T23:01:29.678Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692a5c732a13ea799fd8c862
Added to database: 11/29/2025, 2:37:39 AM
Last enriched: 11/29/2025, 2:52:33 AM
Last updated: 11/29/2025, 12:03:14 PM