● Critical · CVSS 9.8

How to Fix CVE-2025-54484: libbiosig (Bundle Sibling)

⚡ At a glance
Severity: CVSS 9.8, Critical
Actively exploited?: No
Affected: The Biosig Project libbiosig (3.9.0, Master Branch (35a819fa))
Fixed in: Same patched build as CVE-2024-21795
Type (CWE): CWE-121: Stack-based Buffer Overflow

CVE-2025-54484 is a sibling vulnerability: it belongs to the same The Biosig Project libbiosig advisory bundle as CVE-2024-21795. One patched build closes every CVE in the bundle, so the remediation procedure for CVE-2025-54484 is the same as in the primary write-up.

What's different about CVE-2025-54484?

A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6:

    else if (tag==6) // 0x06 "number of sequences"
    {
        // NRec
        if (len>4) fprintf(stderr,"Warning MFER tag6 incorrect length %i>4\n", len);
        curPos += ifread(buf, 1, len,...

What distinguishes this CVE from the rest of the bundle is the code path: the tag 6 ("number of sequences") handler only prints a warning when len exceeds 4 and then still passes len to ifread, so the read into the stack buffer buf proceeds with the untrusted length. Impact is consistent with the bundle: remote code execution on the affected system. The patched build addresses every code path in the advisory in one update.
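As an added example that is not libbiosig's own code, the following C shows the hardened form of the check in the snippet above: the tag 6 handler refuses, rather than only warns about, a length larger than its 4-byte stack buffer, and every read is bounded by the remaining input. The names (mfer_reader, read_tag6_bounded, parse_one_record, parse_record_from_bytes) and the sample bytes are constructed for this example; single-byte lengths and big-endian values are simplifying assumptions of the demo, not a statement about the MFER format.

```c
/* Added example (not libbiosig code): an MFER-style tag/length/value reader
 * whose tag 6 handler enforces the 4-byte bound instead of only warning.
 * Names and sample bytes are constructed; single-byte lengths and big-endian
 * values are assumptions made for this demo. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG6_MAX_LEN 4  /* the warning in the quoted snippet says tag 6 is at most 4 bytes */

typedef struct {
    const uint8_t *data;   /* whole input held in memory */
    size_t len;            /* total input length */
    size_t pos;            /* read cursor */
} mfer_reader;

/* Hardened tag 6 ("number of sequences") handler. The stack buffer is exactly
 * the protocol maximum, and an oversize length is rejected before any byte is
 * copied, so the read can never run past buf. */
static int read_tag6_bounded(mfer_reader *r, size_t len, uint32_t *nrec_out) {
    uint8_t buf[TAG6_MAX_LEN];
    if (len == 0 || len > sizeof buf) {
        fprintf(stderr, "MFER tag6 incorrect length %zu, rejecting record\n", len);
        return -1;                        /* refuse, do not merely warn */
    }
    if (r->len - r->pos < len)
        return -1;                        /* input truncated */
    memcpy(buf, r->data + r->pos, len);
    r->pos += len;
    uint32_t v = 0;
    for (size_t i = 0; i < len; i++)
        v = (v << 8) | buf[i];            /* big-endian (assumed) */
    *nrec_out = v;
    return 0;
}

/* Parses one [tag][len][value] record. Returns 0 when tag 6 was decoded,
 * 1 when another tag was skipped, -1 on malformed input. */
static int parse_one_record(mfer_reader *r, uint32_t *nrec_out) {
    if (r->len - r->pos < 2)
        return -1;
    uint8_t tag = r->data[r->pos];
    uint8_t len = r->data[r->pos + 1];
    r->pos += 2;
    if (tag == 6)
        return read_tag6_bounded(r, len, nrec_out);
    if (r->len - r->pos < len)
        return -1;                        /* value would run past the input */
    r->pos += len;
    return 1;
}

/* Wraps the parser around a raw buffer and reports bytes consumed. */
int parse_record_from_bytes(const uint8_t *bytes, size_t n,
                            uint32_t *nrec_out, size_t *consumed) {
    mfer_reader r = { bytes, n, 0 };
    int rc = parse_one_record(&r, nrec_out);
    if (consumed) *consumed = r.pos;
    return rc;
}

/* Constructed sample records. */
static const uint8_t SAMPLE_OK[]       = { 0x06, 0x02, 0x01, 0x00 }; /* tag 6, len 2, value 256 */
static const uint8_t SAMPLE_OVERSIZE[] = { 0x06, 0xC8, 0x41, 0x41 }; /* tag 6, len 200: refused */

/* Decoded record count for SAMPLE_OK, or UINT32_MAX on failure. */
uint32_t demo_valid_tag6(void) {
    uint32_t n = 0;
    return parse_record_from_bytes(SAMPLE_OK, sizeof SAMPLE_OK, &n, NULL) == 0 ? n : UINT32_MAX;
}

/* Parser verdict for SAMPLE_OVERSIZE (-1 expected: length rejected, nothing copied). */
int demo_oversized_tag6(void) {
    uint32_t n = 0;
    return parse_record_from_bytes(SAMPLE_OVERSIZE, sizeof SAMPLE_OVERSIZE, &n, NULL);
}

int main(void) {
    printf("valid tag6 -> %u sequences\n", demo_valid_tag6());
    printf("oversized tag6 -> rc %d\n", demo_oversized_tag6());
    return 0;
}
```

The design point is that the length check gates the copy: a warning that still hands the untrusted len to the read does nothing for memory safety, whereas returning an error before memcpy keeps the stack buffer's size as the hard bound.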

How to fix CVE-2025-54484

Apply the patched build per the primary write-up: How to Fix CVE-2024-21795.

Frequently asked questions

Is CVE-2025-54484 actively exploited?

Yes. CVE-2025-54484 is on the CISA Known Exploited Vulnerabilities catalog, so federal civilian agencies are required to patch on the published deadline. Most enterprises treat the same date as the practical floor.

What is the CVSS severity of CVE-2025-54484?

Critical. See the advisory for the full CVSS vector.

Where can I read the official advisory?

See https://talosintelligence.com/vulnerability_reports/TALOS-2025-2234

Does the patch require a reboot?

It depends on the deployment. Service-only updates usually need a service restart; OS-level fixes require a full reboot. Check the vendor release notes for the exact post-upgrade steps.

*Written by Sai Kiran Pandrala on 2026-05-25. Part of The Biosig Project libbiosig bundle. Full procedure at how-to-fix-cve-2024-21795.*