Headline
Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy, except for Grassroot, as the
Wednesday, December 17, 2025 16:02
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy, except for Grassroot, as the DiCoM vulnerabilities are zero-days.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
****Libbiosig vulnerability****
Discovered by Mark Bereza of Cisco Talos.
BioSig is an open source software library for biomedical signal processing. The BioSig Project seeks to encourage research in biomedical signal processing by providing open source software tools.
TALOS-2025-2296 (CVE-2025-66043-CVE-2025-66048) includes several stack-based buffer overflow vulnerabilities in the MFER parsing functionality of the Biosig Project libbiosig 3.9.1. An attacker can supply a specially crafted MFER file to trigger these vulnerabilities, possibly leading to arbitrary code execution.
Discovered by Emmanuel Tacheau of Cisco Talos.
Grassroots DiCoM is a C++ library for DICOM medical files, accessible from Python, C#, Java, and PHP. It supports RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. Talos found three out-of-bounds read vulnerabilities in DiCoM. An attacker can provide a malicious file to trigger these vulnerabilities.
- TALOS-2025-2210 (CVE-2025-53618-CVE-2025-53619) can lead to an information leak.
- TALOS-2025-2211 (CVE-2025-52582) can lead to an information leak.
- TALOS-2025-2214 (CVE-2025-48429) can lead to leaking heap data.
****Smallstep step-ca vulnerabilities****
Discovered by Stephen Kubik of the Cisco Advanced Security Initiatives Group (ASIG).
Smallstep step-ca is a TLS-secured online Certificate Authority (CA) for X.509 and SSH certificate management. TALOS-2025-2242 (CVE-2025-44005) is an authentication bypass vulnerability in step-ca. An attacker can bypass authorization checks and force a Step-CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.
Related news
## Summary A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners. All operators running these provisioners should upgrade to the latest release (`v0.29.0`) immediately. The issue was discovered and disclosed by a research team during a security review. There is no evidence of active exploitation. To limit exploitation risk during a coordinated disclosure window, we are withholding detailed technical information for now. A full write-up will be published in several weeks. --- ## Embargo List If your organization runs Step CA in production and would like advance, embargoed notification of future security updates, visit https://u.step.sm/disclosure to request inclusion on our embargo list. --- ## Acknowledgements This issue was identified and reported by Stephen Kubik of the Cisco Advanced Security Initiatives Group (ASIG) --- Stay safe, and thank you for helping us keep the ecosystem secure...