BackBox.org News
  • BackBox.org
  • Linux
  • Community
  • News
  • Services
  • Sitemap
  • Contact
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu
Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

December 17, 2025/in Company Blogs

Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.     

Libbiosig vulnerability

Discovered by Mark Bereza of Cisco Talos.

BioSig is an open source software library for biomedical signal processing. The BioSig Project seeks to encourage research in biomedical signal processing by providing open source software tools.

TALOS-2025-2296 (CVE-2025-66043-CVE-2025-66048) includes several stack-based buffer overflow vulnerabilities in the MFER parsing functionality of the Biosig Project libbiosig 3.9.1. An attacker can supply a specially crafted MFER file to trigger these vulnerabilities, possibly leading to arbitrary code execution.

Grassroot DiCoM vulnerabilities

Discovered by Emmanuel Tacheau of Cisco Talos.

Grassroots DiCoM is a C++ library for DICOM medical files, accessible from Python, C#, Java, and PHP. It supports RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. Talos found three out-of-bounds read vulnerabilities in DiCoM. An attacker can provide a malicious file to trigger these vulnerabilities.

  • TALOS-2025-2210 (CVE-2025-53618-CVE-2025-53619) can lead to an information leak. 
  • TALOS-2025-2211 (CVE-2025-52582) can lead to an information leak.
  • TALOS-2025-2214 (CVE-2025-48429) can lead to leaking heap data. 

Smallstep step-ca vulnerabilities

Discovered by Stephen Kubik of the Cisco Advanced Security Initiatives Group (ASIG).

Smallstep step-ca is a TLS-secured online Certificate Authority (CA) for X.509 and SSH certificate management. TALOS-2025-2242 (CVE-2025-44005) is an authentication bypass vulnerability in step-ca. An attacker can bypass authorization checks and force a Step-CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.

Cisco Talos Blog – ​Read More

Share this entry
  • Share on Facebook
  • Share on X
  • Share on WhatsApp
  • Share on LinkedIn
  • Share on Vk
  • Share on Reddit
  • Share by Mail
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png 0 0 admin https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png admin2025-12-17 21:06:302025-12-17 21:06:30Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities
Search Search
Copyright © BackBox.org
  • Link to X
  • Link to Facebook
  • Link to LinkedIn
  • Link to Youtube
  • Link to Telegram
Link to: Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users Link to: Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail u...Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users Link to: The tech products we absolutely loved this year – and which we’re taking into 2026 Link to: The tech products we absolutely loved this year – and which we’re taking into 2026 The tech products we absolutely loved this year – and which we’re...
Scroll to top Scroll to top Scroll to top