CVE-2025-5555
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0.1 is able to mitigate this issue. Upgrading the affected component is recommended. The vendor was contacted beforehand and was able to provide a patch very early.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nixdorf Wincor | PORT IO Driver | 1.0.0.0 | affected |
| Nixdorf Wincor | PORT IO Driver | 1.0.0.1 | affected |
| Nixdorf Wincor | PORT IO Driver | 3.0.0.1 | unaffected |
Weaknesses
- CWE-121: Stack-based Buffer Overflow
- CWE-119: Memory Corruption
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://vuldb.com/?id.329013
- https://vuldb.com/?ctiid.329013
- https://vuldb.com/?submit.604823
- https://b.iakb.org/2025/06/26/Wincor-Nixdorf-PORT-IO-Driver-Buffer-Overflow/
- https://download.dieboldnixdorf.com/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.