How to fix CVE-2025-70616?

Within 24 hours: Identify and inventory all systems running Wincor Nixdorf wnBios64.sys version 1.2.0.0; isolate affected systems from critical networks if operationally feasible. Within 7 days: Implement network segmentation to restrict local access to affected systems; disable the vulnerable driver if operationally possible; apply host-based monitoring for suspicious IOCTL calls to 0x80102058. Within 30 days: Contact Wincor Nixdorf for patch availability and timeline; evaluate replacement or upgrade options; implement kernel driver code-signing enforcement and driver load restrictions on affected systems.

Is Wnbios64.Sys affected by CVE-2025-70616?

A high-severity kernel driver vulnerability (CVE-2025-70616) affecting Wincor Nixdorf wnBios64.sys poses a local privilege escalation risk to systems running this driver.

CVE-2025-70616

HIGH

2026-03-05 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 10, 2026 - 19:41 vuln.today

Public exploit code

CVE Published

Mar 05, 2026 - 19:16 nvd

HIGH 7.8

Description

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries.

Analysis

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Technical Context

Classified as CWE-121 (Stack-based Buffer Overflow). Affects the IOCTL component of Wnbios64.Sys. A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code e

Affected Products

Vendor: Dieboldnixdorf. Product: Wnbios64.Sys. Versions: up to 1.2.0.0. Component: IOCTL.

Remediation

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: +20

CVE-2025-70616 vulnerability details – vuln.today

Back

CVE-2025-70616

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-70616

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code