Vulnerability cyber

NASA

May 27, 2025 1 min read
NASA

Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems. Security researcher Leon Juranić discovered stack-based buffer overflow vulnerabilities in NASA’s software, which could allow for remote code execution. These vulnerabilities were found in tools such as QuIP, OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, and the knife library. Juranić also found reflected XSS vulnerabilities and hard-coded secret values in NASA’s web applications. State-sponsored threat actors could exploit these flaws to compromise NASA's systems and those of other institutions using the vulnerable software.

Source: https://www.helpnetsecurity.com/2025/05/27/nasa-open-source-software-vulnerabilities/

TPRM report: https://scoringcyber.rankiteo.com/company/nasa

"id": "nas829052725",
"linkid": "nasa",
"type": "Vulnerability",
"date": "5/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Aerospace',
                        'location': 'United States',
                        'name': 'NASA',
                        'type': 'Government Agency'}],
 'attack_vector': 'Exploitation of vulnerabilities in software',
 'description': 'Vulnerabilities in open source software developed and used '
                'in-house by NASA were discovered by Leon Juranić, security '
                'researcher and founder of cybersecurity startup ThreatLeap. '
                'The vulnerabilities were found in tools such as QuIP, '
                'OpenVSP, RHEAS, OMINAS, Refine, CFDTOOLS, and the knife '
                'library. These vulnerabilities include stack-based buffer '
                'overflows, reflected cross site scripting (XSS), and '
                'hard-coded secret values, which could be exploited for remote '
                'code execution.',
 'impact': {'systems_affected': ['QuIP',
                                 'OpenVSP',
                                 'RHEAS',
                                 'OMINAS',
                                 'Refine',
                                 'CFDTOOLS',
                                 'knife library']},
 'lessons_learned': 'The importance of Secure Software Development Life Cycle '
                    '(SDLC) practices, especially for government agencies and '
                    'their contractors.',
 'motivation': 'To compromise computer systems at NASA and other institutions '
               'using the vulnerable software',
 'recommendations': "Improvement in NASA's software security processes and "
                    "NASA's SRA (Software Release Authority) policy.",
 'references': [{'source': 'Help Net Security'}],
 'threat_actor': 'Potential state-sponsored threat actors',
 'title': 'Vulnerabilities in NASA Open Source Software',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['Stack-based buffer overflow',
                             'Reflected cross site scripting (XSS)',
                             'Hard-coded secret values']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.