How severe is CVE-2025-29909?

This vulnerability has a severity rating of HIGH with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-29909?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2025-29909

HIGH Year: 2025

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-191

View all →

Vulnerability Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib's `Crypto_TC_ApplySecurity()` allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). Any application or system that relies on CryptoLib for Telecommand (TC) processing and does not strictly validate incoming TC frames is at risk. This includes satellite ground stations or mission control software where attackers can inject malformed frames. A patch is available at commit c7e8a8745ff4b5e9bd7e500e91358e86d5abedcc.

CVE-2005-0199

CRITICAL

CVSS:9.8(Critical)

Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a ...

CWE-1912005

CVE-2015-0537

CRITICAL

CVSS:9.8(Critical)

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0....

CWE-1912015

CVE-2015-2311

CRITICAL

CVSS:9.8(Critical)

Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute...

CWE-1912015

CVE-2015-9129

CRITICAL

CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 4...

CWE-1912015

CVE-2015-9167

CRITICAL

CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650...

CWE-1912015

CVE-2015-9198

CRITICAL

CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, M...

CWE-1912015

CVE-2025-29909

Vulnerability Description

Related Vulnerabilities

CVE-2005-0199

CVE-2015-0537

CVE-2015-2311

CVE-2015-9129

CVE-2015-9167

CVE-2015-9198