VYPR
Unrated severityNVD Advisory· Published Sep 23, 2025· Updated Sep 23, 2025

CryptoLib command Injection vulnerability in initialize_kerberos_keytab_file_login()

CVE-2025-59534

Description

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, there is a command Injection vulnerability in initialize_kerberos_keytab_file_login(). The vulnerability exists because the code directly interpolates user-controlled input into a shell command and executes it via system() without any sanitization or validation. This issue has been patched in version 1.4.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nasa/Cryptolibllm-fuzzy2 versions
    <1.4.2+ 1 more
    • (no CPE)range: <1.4.2
    • (no CPE)range: < 1.4.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.