Cisco Talos Discovers Vulnerabilities in Key Software Libraries
Several critical vulnerabilities have recently been identified by Cisco Talos’ Vulnerability Discovery & Research team in prominent software libraries, including the BioSig Project’s Libbiosig, OpenCFD’s OpenFOAM, and a local privilege escalation flaw in Microsoft DirectX. While mitigation has been released for most vulnerabilities, the DirectX vulnerability remains unpatched.
The discovered vulnerabilities exhibit varying levels of risk. The local privilege escalation vulnerability in Microsoft DirectX, documented as TALOS-2025-2293 (CVE-2025-68623), allows low-privileged users to replace executable files during installation, resulting in potential privilege escalation on systems running various Windows versions, including Windows XP through Windows 10. This issue could expose systems to unauthorized access if successfully exploited.
In the BioSig Project’s Libbiosig, identified vulnerabilities include an out-of-bounds read and two separate heap-based buffer overflows (CVE-2026-22891 and CVE-2026-20777) that affect specific functionalities within the library. These vulnerabilities may allow an attacker to execute arbitrary code by supplying specially crafted files. Specifically, a maliciously constructed ABF file can exploit the out-of-bounds read, and crafted CLP or WFT files could trigger buffer overflow conditions, potentially leading to full system compromise.
The OpenFOAM vulnerability, cataloged as TALOS-2025-2292 (CVE-2025-61982), mirrors the risks posed by the Libbiosig flaws. This arbitrary code execution vulnerability is activated by specially crafted simulation files manipulated by an attacker, illustrating the critical importance of file input validation in software applications.
Defensive Context
Organizations utilizing the affected software libraries should be cognizant of these vulnerabilities, especially those within sectors reliant on education or biomedical processing where the BioSig Project is prevalent. Similarly, environments with dependencies on OpenFOAM for computational fluid dynamics may also need to approach this development with heightened awareness, given the potential for execution of arbitrary code.
Why This Matters
Businesses and entities that utilize systems incorporating these vulnerabilities are at risk of exploitation. The ongoing absence of a patch for the DirectX issue further complicates the risk landscape, enabling attackers to leverage privilege escalation tactics.
Defender Considerations
Specific mitigation strategies may involve updating affected software libraries to their patched versions. Organizations should remain vigilant regarding file handling within OpenFOAM and BioSig libraries, ensuring strict validation and security controls around user-supplied files.
Indicators of Compromise (IOCs)
– CVE-2025-68623 (Microsoft DirectX local privilege escalation)
– CVE-2025-61982 (OpenFOAM arbitrary code execution)
– CVE-2026-22891 (Libbiosig heap-based buffer overflow)
– CVE-2026-20777 (Libbiosig heap-based buffer overflow)
– CVE-2025-64736 (Libbiosig out-of-bounds read)
