CVE-2025-70616
Awaiting Analysis Awaiting Analysis - Queue
Stack Buffer Overflow in Wincor Nixdorf wnBios64.sys Driver

Publication date: 2026-03-05

Last updated on: 2026-03-10

Assigner: MITRE

Description
A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-70616
EUVD
EUVD-2025-208323
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dieboldnixdorf wnbios64.sys 1.2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-70616 is a stack-based buffer overflow vulnerability in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0. It occurs in the IOCTL handler for code 0x80102058 due to missing bounds checking on a user-controlled parameter called "Options."'}, {'type': 'paragraph', 'content': 'When the value of Options is greater than 40, the driver uses memmove to copy data into a fixed-size 40-byte stack buffer without validating the length, causing a stack buffer overflow.'}, {'type': 'paragraph', 'content': 'This overflow can overwrite local variables, return addresses, and other stack data, potentially allowing an attacker with local access to execute arbitrary kernel code, escalate privileges, or cause a system crash (denial of service).'}, {'type': 'paragraph', 'content': 'Additionally, the vulnerability can leak kernel addresses and sensitive stack data by reading beyond the buffer boundaries, which can aid further exploitation.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can have several serious impacts if exploited by an attacker with local access:'}, {'type': 'list_item', 'content': 'Local privilege escalation, allowing the attacker to gain higher-level permissions on the system.'}, {'type': 'list_item', 'content': "Arbitrary kernel code execution, which can compromise the entire operating system's security."}, {'type': 'list_item', 'content': 'Denial of service through system crashes (blue screen of death) caused by the stack overflow.'}, {'type': 'list_item', 'content': 'Information disclosure by leaking kernel addresses and sensitive stack data, which can facilitate further attacks.'}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by running a proof-of-concept (PoC) exploit that sends crafted IOCTL requests to the vulnerable driver (wnBios64.sys) with the IOCTL code 0x80102058 and varying the Options parameter length. The PoC demonstrates triggering the stack buffer overflow and information leak.

To test for the vulnerability, you can compile and run the provided PoC exploit code (poc_wnbios64_stack_exploit.c) on a Windows system with administrator privileges. The compilation command is:

  • gcc poc_wnbios64_stack_exploit.c -o poc_wnbios64_stack_exploit.exe

Running this executable will attempt to send the crafted IOCTL requests and can reveal if the system is vulnerable by causing system crashes or leaking kernel stack data.

Note: This test should only be performed in controlled, authorized environments as it may cause system instability or crashes.

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70616. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart