Description
An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering, where Cista does not perform sufficient checks to safeguard against self-referencing pointers and referencing other data within the payload. The leak occurs if the deserialized values are observable by the attacker.
Published: 2026-04-28
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An insecure deserialization mechanism in Cista versions 0.15 and earlier allows untrusted input to be processed without sufficient validation. The vulnerability can expose stack and heap addresses when deserializing data that contains references to pointers managed in the cista::raw namespace. This address leakage may be used by an attacker to defeat address space layout randomization (ASLR), a common exploit mitigation. The core weakness is a flaw in deserialization logic that permits reference tampering (self-referencing pointers, or pointers aimed at other data inside the payload), leading to potential disclosure of sensitive memory addresses when the deserialized values are observable.
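As an added illustration of the check a deserializer should run before resolving an offset-encoded pointer, here is a constructed C++ example; it is not Cista's code or wire format, and the Record layout, the 32-byte payload and the Verdict names are assumptions. A target offset that overlaps a pointer slot (its own included) is rejected, because after the in-place fixup that slot holds an absolute address and reading through it is exactly the leak described above.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>
// Constructed toy format (not Cista's): Record::target is a byte offset from
// the payload start on the wire and is patched in place into a pointer on load.
struct Record {
    std::uint64_t id;
    std::int64_t  target;  // offset on the wire, absolute pointer after fixup
};
enum class Verdict { Ok, TooShort, OutOfBounds, Misaligned, PointerOverlap };

// Run before any in-place fixup: the referenced int64 must lie fully inside
// the payload, be aligned, and not overlap any pointer slot (its own
// included), since reading through a patched slot yields a heap address.
Verdict check_offset(std::size_t payload_size, const std::vector<std::size_t>& slots,
                     std::int64_t off) {
    constexpr std::size_t k = sizeof(std::int64_t);
    if (off < 0) return Verdict::OutOfBounds;
    const auto u = static_cast<std::size_t>(off);
    if (payload_size < k || u > payload_size - k) return Verdict::OutOfBounds;
    if (u % alignof(std::int64_t) != 0) return Verdict::Misaligned;
    for (std::size_t slot : slots)
        if (u < slot + k && slot < u + k) return Verdict::PointerOverlap;
    return Verdict::Ok;
}

// Loads the Record at the start of `payload`, patches its offset into a
// pointer only once the check passes, then reads the referenced value.
Verdict load_record(std::vector<std::uint8_t>& payload, std::int64_t& value) {
    if (payload.size() < sizeof(Record)) return Verdict::TooShort;
    const std::size_t slot = offsetof(Record, target);
    std::int64_t off;
    std::memcpy(&off, payload.data() + slot, sizeof off);
    Verdict v = check_offset(payload.size(), {slot}, off);
    if (v != Verdict::Ok) return v;
    std::int64_t* p = reinterpret_cast<std::int64_t*>(payload.data() + off);
    std::memcpy(payload.data() + slot, &p, sizeof p);  // in-place fixup
    std::memcpy(&value, p, sizeof value);
    return Verdict::Ok;
}

// Builds a 32-byte payload: Record at 0, int64 value at 16, 8 spare bytes.
std::vector<std::uint8_t> make_payload(std::int64_t off, std::int64_t value) {
    std::vector<std::uint8_t> buf(32, 0);
    Record rec{1, off};
    std::memcpy(buf.data(), &rec, sizeof rec);
    std::memcpy(buf.data() + 16, &value, sizeof value);
    return buf;
}
```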

Affected Systems

The affected product is Cista software. All releases up to and including version 0.15 are vulnerable. No other vendors or products have been reported to be affected.

Risk and Exploitability

The CVSS v3.1 score is 5.3 (medium); the recorded vector is AV:N/AC:L/PR:N/UI:N with a low confidentiality impact and no integrity or availability impact. There is no EPSS score available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is network-based: an attacker who can supply a crafted serialized payload to an application that uses the vulnerable Cista library can trigger the address leak without privileges or user interaction, provided the application accepts serialized data from untrusted sources. Because the vulnerability does not by itself yield arbitrary code execution but discloses addresses that could be combined with other weaknesses, its impact should be evaluated in the specific deployment context.

Generated by OpenCVE AI on April 29, 2026 at 01:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cista to a version newer than 0.15 that contains a fix for insecure deserialization.
  • If an upgrade is not possible, restrict the use of deserialization to trusted inputs only and avoid employing cista::raw pointer-like classes when processing data from untrusted sources.
  • Implement strict input validation and sanitization on all serialized payloads before they reach the Cista library to prevent malformed or malicious references.
  • Review and, if necessary, remove any exposed stack or heap addresses from application logs or error messages to reduce the value of the information leak.


Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:30:00 +0000

Type                 | Values Removed | Values Added
First Time appeared  |                | Cista
                     |                | Cista cista
Vendors & Products   |                | Cista
                     |                | Cista cista

Wed, 29 Apr 2026 02:00:00 +0000

Type   | Values Removed | Values Added
Title  |                | Cista Vulnerability: Insecure Deserialization Enables Memory Address Disclosure and ASLR Bypass

Tue, 28 Apr 2026 17:15:00 +0000

Type        | Values Removed | Values Added
Weaknesses  |                | CWE-502
Metrics     |                | ssvc
            |                | {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 16:15:00 +0000

Type         | Values Removed | Values Added
Description  |                | An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering, where Cista does not perform sufficient checks to safeguard against self-referencing pointers and referencing other data within the payload. The leak occurs if the deserialized values are observable by the attacker.
References   |                |
Metrics      |                | cvssV3_1
             |                | {'score': 5.3, 'vector': 'CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N'}

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-28T16:30:20.600Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-60887

Vulnrichment

Updated: 2026-04-28T16:26:59.610Z

NVD

Status: Deferred

Published: 2026-04-28T16:16:05.597

Modified: 2026-04-28T20:18:13.020

Link: CVE-2025-60887

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T10:11:08Z

Weaknesses