CVE-2025-59534
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-10-08

Assigner: GitHub, Inc.

Description
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, there is a command Injection vulnerability in initialize_kerberos_keytab_file_login(). The vulnerability exists because the code directly interpolates user-controlled input into a shell command and executes it via system() without any sanitization or validation. This issue has been patched in version 1.4.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59534
EUVD
EUVD-2025-30922
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nasa cryptolib to 1.4.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a command injection flaw in the function initialize_kerberos_keytab_file_login() of CryptoLib before version 1.4.2. It occurs because user-controlled input is directly inserted into a shell command and executed via system() without any sanitization or validation, allowing an attacker to execute arbitrary commands on the system.

Impact Analysis

The vulnerability can allow an attacker with limited privileges to execute arbitrary commands on the affected system, potentially leading to full compromise of confidentiality, integrity, and availability of the system running CryptoLib. This could disrupt secure communications between spacecraft and ground stations.

Mitigation Strategies

Upgrade CryptoLib to version 1.4.2 or later, as this version contains the patch that fixes the command injection vulnerability in initialize_kerberos_keytab_file_login(). Until the upgrade can be applied, avoid using untrusted input in the affected function to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59534. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart