Full Report
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s
Analysis Summary
This summary covers the vulnerability disclosures for Microsoft DirectX, OpenCFD OpenFOAM, and BioSig Project Libbiosig as reported by Cisco Talos.
---
# Vulnerability: Microsoft DirectX Privilege Escalation
## CVE Details
- **CVE ID:** CVE-2025-68623
- **CVSS Score:** 7.8 (High)
- **CWE:** CWE-379 (Creation of Temporary File in Directory with Insecure Permissions)
## Affected Systems
- **Products:** Microsoft DirectX End-User Runtime
- **Versions:** Pre-installed on Windows XP SP2 through Windows 10 and equivalent Server versions.
- **Configurations:** Systems where the legacy DirectX SDK runtime libraries are being installed.
## Vulnerability Description
A local privilege escalation vulnerability exists in the installation process of the DirectX End-User Runtime. The flaw allows a low-privileged user to exploit a race condition or perform a file substitution attack, replacing an executable file during the installation process while that process is running with SYSTEM privileges.
## Exploitation
- **Status:** Not exploited (Unpatched at time of report)
- **Complexity:** Medium
- **Attack Vector:** Local
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- **None:** This vulnerability is currently listed as **unpatched** by the vendor.
### Workarounds
- Restrict installation privileges for end-users and monitor for suspicious file modifications in temporary installation directories.
## Detection
- **Snort Rules:** Coverage available via hxxps[://]snort[.]org.
- **Indicators:** Unauthorized modification of executable files during DirectX runtime setup.
## References
- hxxps[://]talosintelligence[.]com/vulnerability_reports/TALOS-2025-2293
---
# Vulnerability: OpenCFD OpenFOAM Arbitrary Code Execution
## CVE Details
- **CVE ID:** CVE-2025-61982
- **CVSS Score:** 8.8 (High)
- **CWE:** CWE-94 (Improper Control of Generation of Code)
## Affected Systems
- **Products:** OpenCFD OpenFOAM
- **Versions:** Version 2506
- **Configurations:** Use of the `Code Stream` directive functionality.
## Vulnerability Description
An arbitrary code execution vulnerability exists in the Code Stream directive. Because this functionality is designed to compile and execute code within simulation files, a specially crafted OpenFOAM simulation file can be used to execute malicious commands on the host system.
## Exploitation
- **Status:** PoC available (Talos disclosed)
- **Complexity:** Medium
- **Attack Vector:** Local (Social Engineering/File Delivery)
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- Users should update to the latest version provided by OpenCFD Ltd.
## Detection
- Identify simulation files containing unexpected or obfuscated `codeStream` directives.
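
One way to run the check above over a downloaded case directory before anything is executed. This is an added example, not code from Talos or OpenCFD; it assumes the directive appears in dictionaries as `#codeStream`, and the function names, size cap and sample text are constructed for illustration.

```python
"""Flag #codeStream directives in OpenFOAM case files before a case is run."""
import re
import sys
from pathlib import Path

DIRECTIVE = re.compile(r"#codeStream\b")
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
MAX_BYTES = 5 * 1024 * 1024  # assumption: skip large mesh/field data files
# Constructed sample: one commented-out directive, one active directive.
SAMPLE = "// #codeStream disabled for review\ninternalField  #codeStream\n"


def blank_comments(text):
    """Overwrite C/C++-style comments with spaces so offsets and line breaks are kept."""
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), text)


def scan_text(text):
    """Return (line_number, active, line) for every directive occurrence."""
    stripped = blank_comments(text)
    lines = text.split("\n")
    findings = []
    for m in DIRECTIVE.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        # Hits inside apparent comments are reported too (active=False): the
        # comment stripper is not a full parser, so a reviewer should see them.
        active = stripped.startswith("#codeStream", m.start())
        findings.append((line_no, active, lines[line_no - 1].strip()))
    return findings


def scan_case(root):
    """Walk a case directory and map each file path to its findings."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.stat().st_size > MAX_BYTES:
            continue
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[str(path)] = hits
    return results


if __name__ == "__main__":
    found = scan_case(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in found.items():
        for line_no, active, line in hits:
            print(f"{path}:{line_no}: {'ACTIVE' if active else 'commented'}: {line}")
    sys.exit(1 if found else 0)
```

The script exits non-zero when any directive is found, so it can gate an intake step for case files received from outside the team.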
## References
- hxxps[://]talosintelligence[.]com/vulnerability_reports/TALOS-2025-2292
---
# Vulnerability: BioSig Project Libbiosig Memory Corruptions
## CVE Details
- **CVE IDs:**
  - CVE-2025-64736 (Out-of-Bounds Read)
  - CVE-2026-22891 (Heap Buffer Overflow)
  - CVE-2026-20777 (Heap Buffer Overflow)
- **CVSS Score:** 6.5 - 8.8 (Medium to High)
- **CWE:** CWE-125, CWE-122
## Affected Systems
- **Products:** Libbiosig (BioSig Project)
- **Versions:** 3.9.2 and Master Branch (5462afb0)
- **Configurations:** Parsing of ABF, Intan CLP, or Nicolet WFT file formats.
## Vulnerability Description
Three vulnerabilities were identified in the parsing logic of Libbiosig:
1. **CVE-2025-64736:** An OOB Read in ABF parsing leading to information leaks.
2. **CVE-2026-22891:** A heap-based buffer overflow in Intan CLP parsing.
3. **CVE-2026-20777:** A heap-based buffer overflow in Nicolet WFT parsing.
## Exploitation
- **Status:** PoC available
- **Complexity:** Medium
- **Attack Vector:** Local (via malicious biomedical signal files)
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- Patches have been released by the BioSig Project. Users should update to the latest version of the library.
## Detection
- Monitor for application crashes or unusual memory access when processing .abf, .clp, or .wft files.
## References
- hxxps[://]talosintelligence[.]com/vulnerability_reports/TALOS-2025-2323
- hxxps[://]talosintelligence[.]com/vulnerability_reports/TALOS-2026-2361
- hxxps[://]talosintelligence[.]com/vulnerability_reports/TALOS-2026-2362