How to fix CVE-2025-70083?

Within 24 hours: Audit all OpenSatKit instances in your environment and document version numbers and deployment locations. Within 7 days: Implement network segmentation to restrict telecommand input sources to trusted ground segment systems only, and enable strict input validation/filtering on DirName parameters at the application layer. Within 30 days: Monitor vendor communications for patch availability and establish a expedited patch deployment plan; consider evaluating alternative satellite command solutions if patch timeline extends beyond 60 days.

Is Opensatkit affected by CVE-2025-70083?

OpenSatKit 2.2.1 contains a critical input validation vulnerability in its telecommand DirName field that could allow attackers to execute unauthorized operations or compromise satellite ground control systems.

CVE-2025-70083

HIGH

2026-02-11 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 18:16 nvd

HIGH 7.8

Description

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.

Analysis

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. [CVSS 7.8 HIGH]

Technical Context

Classified as CWE-121 (Stack-based Buffer Overflow). Affects Opensatkit. An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, m

Affected Products

Vendor: Opensatkit. Product: Opensatkit. Versions: up to 2.2.1.

Remediation

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

CVE-2025-70083 vulnerability details – vuln.today

Back

CVE-2025-70083

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-70083

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code