CVE-2025-5555
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-5555, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-18

Last updated on: 2026-04-29

Assigner: VulDB

Description

A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0.1 is able to mitigate this issue. Upgrading the affected component is recommended. The vendor was contacted beforehand and was able to provide a patch very early.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-18
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2025-10-18
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
nixdorf wincor_port_io_driver 1.0.0.1
nixdorf wincor_port_io_driver 3.0.0.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow in the Nixdorf Wincor PORT IO Driver (wnport.sys) up to version 1.0.0.1. It occurs in the IOCTL handler function sub_11100 due to improper input validation of buffer lengths. Attackers can send an oversized input buffer via the DeviceIoControl API, causing memory corruption and potentially triggering a system crash or enabling arbitrary code execution. This means attackers can run unauthorized commands with elevated privileges, leading to serious security risks. [1, 3]

Impact Analysis

Exploitation of this vulnerability can lead to system crashes (denial of service) or allow attackers to execute arbitrary code with elevated privileges. This can result in unauthorized command execution, sensitive data theft, malware installation, or full system compromise. Since the vulnerable IOCTL functions are accessible by low-privileged programs, attackers do not need elevated privileges to initiate the attack, increasing the risk. [1, 3]

Detection Guidance

This vulnerability can be detected by monitoring for attempts to send oversized buffers to the vulnerable IOCTL codes (0x80102040, 0x80102044, 0x80102050, 0x80102054) via the DeviceIoControl API. Detection can include checking for system crashes with PAGE_FAULT_NON_PAGE blue screen errors and monitoring for abnormal DeviceIoControl calls with unusually large input buffers targeting wnport.sys. Specific commands are not provided in the resources, but monitoring system logs for blue screen errors and using tools to trace DeviceIoControl calls with these IOCTL codes may help detect exploitation attempts. [1, 3]

Mitigation Strategies

The immediate mitigation step is to upgrade the Nixdorf Wincor PORT IO Driver to version 3.0.0.1 or later, as this version contains the patch that fixes the vulnerability. Additionally, restricting local access to the affected systems and monitoring for suspicious activity related to the vulnerable IOCTL codes can help reduce risk until the upgrade is applied. [1, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5555. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart