CVE-2025-70616
Stack Buffer Overflow in Wincor Nixdorf wnBios64.sys Driver
Publication date: 2026-03-05
Last updated on: 2026-03-10
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dieboldnixdorf | wnbios64.sys | 1.2.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70616 is a stack-based buffer overflow vulnerability in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0. It occurs in the IOCTL handler for code 0x80102058 due to missing bounds checking on a user-controlled parameter called "Options."
When the value of Options is greater than 40, the driver uses memmove to copy data into a fixed-size 40-byte stack buffer without validating the length, causing a stack buffer overflow.
This overflow can overwrite local variables, return addresses, and other stack data, potentially allowing an attacker with local access to execute arbitrary kernel code, escalate privileges, or cause a system crash (denial of service).
Additionally, the vulnerability can leak kernel addresses and sensitive stack data by reading beyond the buffer boundaries, which can aid further exploitation. [1]
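The missing length validation described above, shown as a user-mode C model of a handler that performs it. This is an added example, not code from the driver or its vendor. The request layout, the function name `handle_ioctl_checked` and the `EX_*` status values are assumptions; only the IOCTL code, the `Options` field name and the 40-byte buffer size come from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IOCTL_CODE     0x80102058u /* IOCTL code named on this page */
#define LOCAL_BUF_SIZE 40u         /* fixed stack buffer size named on this page */
#define HDR_SIZE       offsetof(example_request, Data)

/* Hypothetical request layout; the driver's real input structure is not on the page. */
typedef struct {
    uint32_t Options;   /* caller-controlled length */
    uint8_t  Data[256]; /* caller-controlled payload */
} example_request;

enum { EX_OK = 0, EX_INVALID_PARAMETER = -1, EX_BUFFER_TOO_SMALL = -2, EX_UNSUPPORTED = -3 };

/* Flawed pattern as described: memmove(local, req->Data, req->Options) with no
 * check that Options <= sizeof local. The handler below adds the missing checks. */
int handle_ioctl_checked(uint32_t code, const void *in, size_t in_len,
                         void *out, size_t out_len, size_t *written)
{
    uint8_t local[LOCAL_BUF_SIZE] = {0}; /* zeroed so no stale stack bytes exist */
    uint32_t n;

    *written = 0;
    if (code != IOCTL_CODE) return EX_UNSUPPORTED;
    if (in == NULL || in_len < HDR_SIZE) return EX_INVALID_PARAMETER;
    memcpy(&n, in, sizeof n);            /* read Options once into a local copy */
    if (n > LOCAL_BUF_SIZE) return EX_INVALID_PARAMETER;     /* write bound */
    if (n > in_len - HDR_SIZE) return EX_INVALID_PARAMETER;  /* read bound */
    if (out == NULL || out_len < n) return EX_BUFFER_TOO_SMALL;

    memmove(local, (const uint8_t *)in + HDR_SIZE, n);
    memcpy(out, local, n);               /* return exactly n bytes, never more */
    *written = n;
    return EX_OK;
}

int main(void)
{
    example_request req = { .Options = 41 };   /* constructed: one byte too long */
    uint8_t out[64];
    size_t written;
    int rc = handle_ioctl_checked(IOCTL_CODE, &req, sizeof req, out, sizeof out, &written);
    printf("Options=41 -> rc=%d written=%zu\n", rc, written);
    return 0;
}
```

The write bound addresses the overflow, while the read bound and the exact-length output copy address the stack data disclosure.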
How can this vulnerability impact me?
This vulnerability can have several serious impacts if exploited by an attacker with local access:
- Local privilege escalation, allowing the attacker to gain higher-level permissions on the system.
- Arbitrary kernel code execution, which can compromise the entire operating system's security.
- Denial of service through system crashes (blue screen of death) caused by the stack overflow.
- Information disclosure by leaking kernel addresses and sensitive stack data, which can facilitate further attacks. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running a proof-of-concept (PoC) exploit that sends crafted IOCTL requests to the vulnerable driver (wnBios64.sys) with the IOCTL code 0x80102058 and varying the Options parameter length. The PoC demonstrates triggering the stack buffer overflow and information leak.
To test for the vulnerability, you can compile and run the provided PoC exploit code (poc_wnbios64_stack_exploit.c) on a Windows system with administrator privileges. The compilation command is:
- gcc poc_wnbios64_stack_exploit.c -o poc_wnbios64_stack_exploit.exe
Running this executable will attempt to send the crafted IOCTL requests and can reveal if the system is vulnerable by causing system crashes or leaking kernel stack data.
Note: This test should only be performed in controlled, authorized environments as it may cause system instability or crashes.
What immediate steps should I take to mitigate this vulnerability?
I don't know