CVE-2025-70616 in wnBios64.sysinfo

Zusammenfassung

von MITRE • 05.03.2026

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

MITRE

Reservieren

09.01.2026

Veröffentlichung

05.03.2026

Moderieren

akzeptiert

Eintrag

VDB-349253

CPE

bereit

CWE

CWE-121 (bestätigt)

CVSS

7.8 (CISA-ADP)

EPSS

0.00017

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-70616
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-70616
CVE Details	https://www.cvedetails.com/cve/CVE-2025-70616/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!