CVE-2025-70616

Exploit

EPSS 0.01%
Veröffentlicht 05.03.2026 00:00:00
Zuletzt bearbeitet 10.03.2026 19:41:39
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dieboldnixdorf ≫ Wnbios64.Sys Version1.2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://github.com/250wuyifan/wnBios64-CVE

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-70616

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-70616

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-70616

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-70616