IoT, Potential Risk of CVE

CVE-2025-66216: About AIS-catcher (3rd Dec 2025)

Leave a comment

Preface: AIS-Catcher is a MIT licensed dual band AIS receiver for Linux, Windows and Raspberry Pi. It is compatible with RTL-SDR dongles and the Airspy HF+.

AIS stands for Automatic Identification System and is used by marine vessels to broadcast their GPS locations in order to help avoid collisions and aide with rescues. An RTL-SDR with the right software can be used to receive and decode these signals, and plot ship positions on a map.

Background: You can set up your own receiver at home. With just a small USB radio adapter and a simple antenna, you can receive live signals from nearby ships and decode them directly on your computer or Raspberry Pi.

Setup requirement for an SDR AIS Receiver:

-RTL-SDR dongle (e.g. Nooelec NESDR, RTL-SDR Blog V3)

-VHF antenna (marine band, tuned for ~162 MHz)

-Raspberry Pi (Model 3 or later) or any PC

-Internet connection (for updates, optional data sharing)

Recommended Command (Dual-channel AIS, Auto Gain)

This does the following:

-A listens to both AIS frequencies:

Channel 1: 161.975 MHz

Channel 2: 162.025 MHz

-g auto lets AIS-catcher automatically choose the gain setting

Uses default device (-d 0) unless otherwise specified

You should see continuous outputs like this:

!AIVDM,1,1,,B,15MuqP001oK>rWnE`D0?;wvP0<2R,0*6D

These are raw NMEA AIS messages being received in real time.

Vulnerability details: CVE-2025-66216 – AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.

Best Practices:

Never store data() pointer across operations that can reallocate (like push_back, resize, insert, emplace).

If you need a stable pointer, consider:

  • std::deque (doesn’t invalidate all pointers on growth).
  • std::vector::reserve() before operations to avoid reallocation.
  • Or use indices instead of raw pointers.

Official announcement: Please refer to the link for details – https://www.tenable.com/cve/CVE-2025-66216

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.