CVE-2025-5555
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0.1 is able to mitigate this issue. Upgrading the affected component is recommended. The vendor was contacted beforehand and was able to provide a patch very early.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-18
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-5555
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nixdorf wincor_port_io_driver 1.0.0.1
nixdorf wincor_port_io_driver 3.0.0.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow in the Nixdorf Wincor PORT IO Driver (wnport.sys) up to version 1.0.0.1. It occurs in the IOCTL handler function sub_11100 due to improper input validation of buffer lengths. Attackers can send an oversized input buffer via the DeviceIoControl API, causing memory corruption and potentially triggering a system crash or enabling arbitrary code execution. This means attackers can run unauthorized commands with elevated privileges, leading to serious security risks. [1, 3]

Impact Analysis

Exploitation of this vulnerability can lead to system crashes (denial of service) or allow attackers to execute arbitrary code with elevated privileges. This can result in unauthorized command execution, sensitive data theft, malware installation, or full system compromise. Since the vulnerable IOCTL functions are accessible by low-privileged programs, attackers do not need elevated privileges to initiate the attack, increasing the risk. [1, 3]

Detection Guidance

This vulnerability can be detected by monitoring for attempts to send oversized buffers to the vulnerable IOCTL codes (0x80102040, 0x80102044, 0x80102050, 0x80102054) via the DeviceIoControl API. Detection can include checking for system crashes with PAGE_FAULT_NON_PAGE blue screen errors and monitoring for abnormal DeviceIoControl calls with unusually large input buffers targeting wnport.sys. Specific commands are not provided in the resources, but monitoring system logs for blue screen errors and using tools to trace DeviceIoControl calls with these IOCTL codes may help detect exploitation attempts. [1, 3]

Mitigation Strategies

The immediate mitigation step is to upgrade the Nixdorf Wincor PORT IO Driver to version 3.0.0.1 or later, as this version contains the patch that fixes the vulnerability. Additionally, restricting local access to the affected systems and monitoring for suspicious activity related to the vulnerable IOCTL codes can help reduce risk until the upgrade is applied. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5555. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart