
CVE-2025-67268: n/a

Critical
Published: Fri Jan 02 2026 (01/02/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution.

AI-Powered Analysis

Last updated: 01/02/2026, 16:28:54 UTC

Technical Analysis

CVE-2025-67268 is a security vulnerability identified in gpsd, an open-source GPS service daemon widely used for interfacing with GPS receivers and processing GNSS data. The flaw exists in the driver_nmea2000.c source file, specifically within the hnd_129540 function that processes NMEA2000 PGN 129540 packets, which represent GNSS Satellites in View data. The vulnerability stems from insufficient validation of a user-supplied satellite count parameter against the fixed size of the skyview array, which holds satellite information and is limited to 184 elements. An attacker can supply a satellite count value up to 255, causing the function to write beyond the bounds of the allocated array on the heap. This heap-based out-of-bounds write can corrupt memory, potentially leading to a crash (denial of service) or enabling arbitrary code execution if exploited skillfully.

The vulnerability does not require authentication and can be triggered remotely by sending crafted NMEA2000 packets to a gpsd instance that listens for GNSS data. Although no public exploits are currently known, the nature of the vulnerability makes it a significant risk, especially in environments where gpsd is exposed to untrusted GNSS data sources or networks. The affected versions are not explicitly listed, but the issue is resolved by a commit identified as dc966aa.

The lack of a CVSS score necessitates a severity assessment based on the impact and exploitability factors. The vulnerability affects confidentiality, integrity, and availability due to possible arbitrary code execution and denial of service. Exploitation is relatively straightforward given the absence of authentication and user interaction requirements. The scope includes any system running vulnerable gpsd versions that process NMEA2000 GNSS data, which can include embedded systems, maritime navigation devices, and industrial control systems.
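The missing check described above, sketched as an added example; this is not gpsd's code and not the change made in commit dc966aa. The 3-byte header, the 12-byte record size, the field offsets and every struct and function name are assumptions made for illustration; only the 184-element array size and the 0 to 255 count range come from the advisory. The example also goes one step further than the advisory and verifies that the payload is long enough for the claimed count.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed for illustration: not gpsd's structures or its actual fix. */
#define SKYVIEW_MAX 184  /* skyview array size stated in the advisory */
#define SAT_HDR_LEN 3    /* assumed header: SID, mode, satellite count */
#define SAT_REC_LEN 12   /* assumed bytes per satellite record */

struct sat { uint8_t prn; int16_t elev_raw; uint16_t azim_raw; uint16_t snr_raw; };

struct sky {
    int visible;
    struct sat view[SKYVIEW_MAX];
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns the number of satellites stored, or -1 if the packet is rejected.
 * On rejection *out is left untouched. */
int parse_sats_in_view(const uint8_t *buf, size_t len, struct sky *out)
{
    if (buf == NULL || out == NULL || len < SAT_HDR_LEN)
        return -1;

    unsigned count = buf[2];  /* sender-controlled, 0..255 */

    /* Check 1: the count must fit the destination array. Without this,
     * counts of 185..255 index past the end of out->view. */
    if (count > SKYVIEW_MAX)
        return -1;
    /* Check 2: the payload must really contain that many records,
     * otherwise the reads below run past the end of the input. */
    if (len < SAT_HDR_LEN + (size_t)count * SAT_REC_LEN)
        return -1;

    for (unsigned i = 0; i < count; i++) {
        const uint8_t *r = buf + SAT_HDR_LEN + (size_t)i * SAT_REC_LEN;
        out->view[i].prn      = r[0];
        out->view[i].elev_raw = (int16_t)le16(r + 1);
        out->view[i].azim_raw = le16(r + 3);
        out->view[i].snr_raw  = le16(r + 5);
    }
    out->visible = (int)count;
    return (int)count;
}
```

Rejecting the packet outright, rather than clamping the count to 184, keeps a malformed frame from being partially interpreted as valid satellite data.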

Potential Impact

For European organizations, the impact of CVE-2025-67268 can be significant, particularly for sectors relying on precise GNSS data such as maritime navigation, transportation, logistics, telecommunications, and critical infrastructure. Memory corruption vulnerabilities that allow arbitrary code execution can lead to full system compromise, data breaches, or disruption of services dependent on GPS data. Denial of service conditions could interrupt operations, causing safety risks in navigation or timing-dependent systems. Since gpsd is often deployed in embedded devices and IoT systems, exploitation could be leveraged to pivot into broader network environments. European maritime industries, air traffic control systems, and smart city infrastructure that utilize gpsd for GNSS data processing are particularly vulnerable. Additionally, organizations using gpsd in industrial automation or telecommunications for timing synchronization could face operational disruptions. The absence of known exploits currently provides a window for proactive mitigation, but the potential impact warrants urgent attention.

Mitigation Recommendations

1. Apply the official patch or update gpsd to the version including commit dc966aa or later, which properly validates the satellite count against the skyview array size.
2. Implement network-level filtering to restrict or validate incoming NMEA2000 packets, especially from untrusted or external sources, to prevent injection of malicious GNSS data.
3. Employ application-layer input validation and sanitization for GNSS data inputs to detect and reject anomalous satellite counts or malformed packets.
4. Isolate gpsd instances processing GNSS data on dedicated network segments to limit exposure to untrusted networks.
5. Monitor gpsd logs and system behavior for signs of memory corruption or crashes that could indicate attempted exploitation.
6. For embedded or industrial systems where patching is delayed, consider deploying runtime protections such as memory corruption mitigations (e.g., ASLR, heap protections) and intrusion detection systems tuned for GNSS protocol anomalies.
7. Engage with vendors of gpsd-based devices to ensure timely firmware updates and security advisories are followed.
8. Conduct security assessments of GNSS data ingestion points to identify and remediate exposure to crafted NMEA2000 packets.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-12-08T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6957eeb8db813ff03ef3fe94

Added to database: 1/2/2026, 4:13:44 PM

Last enriched: 1/2/2026, 4:28:54 PM

Last updated: 1/7/2026, 4:06:10 AM
