CVE-2025-70083
Undergoing Analysis Undergoing Analysis - In Progress
Stack Buffer Overflow in OpenSatKit 2.2.1 Telecommand Path Handling

Publication date: 2026-02-11

Last updated on: 2026-02-17

Assigner: MITRE

Description
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-70083
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
opensatkit opensatkit 2.2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenSatKit 2.2.1 where the DirName field in a telecommand, which comes from the ground segment and is considered untrusted input, is copied into a local buffer using the unsafe function strcpy.

The local buffer, DirWithSep, has a fixed size defined by OS_MAX_PATH_LEN. If the length of DirName is equal to or exceeds this size, a stack buffer overflow occurs because the program copies the data before checking its length.

The validation to check the path length happens only after the copy operation, which is too late to prevent the overflow, potentially overwriting adjacent stack memory.

Impact Analysis

The stack buffer overflow caused by this vulnerability can lead to memory corruption, which may result in unpredictable behavior such as crashes or the execution of arbitrary code.

An attacker who controls the DirName input could exploit this to compromise the system's security, potentially gaining unauthorized access or causing denial of service.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70083. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart