CVE-2025-70083
Published: 11 February 2026
Summary
CVE-2025-70083 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in OpenSatKit. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires validation of untrusted telecommand inputs like DirName length before copying into the fixed-size DirWithSep buffer, directly preventing the stack buffer overflow.
Implements memory protections such as stack canaries, non-executable memory, or ASLR to prevent exploitation of the stack buffer overflow even if the unsafe strcpy occurs.
Mandates identification, reporting, and correction of the specific strcpy buffer overflow flaw in OpenSatKit, with timely patching to eliminate the vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack buffer overflow in local filemgr component with untrusted telecommand input enables arbitrary code execution from low privileges, directly mapping to exploitation for privilege escalation.
NVD Description
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.
Deeper analysis
CVE-2025-70083 is a stack buffer overflow vulnerability (CWE-121) affecting OpenSatKit version 2.2.1. The flaw exists in the file manager component at cfs/apps/filemgr/fsw/src/dir.c, where the DirName field from a telecommand—provided by the ground segment and treated as untrusted input—is copied into the local buffer DirWithSep using strcpy. This buffer is limited to OS_MAX_PATH_LEN bytes, but if DirName is greater than or equal to this length, the copy overflows adjacent stack memory. A subsequent path length check with FileUtil_AppendPathSep occurs after the strcpy, rendering it ineffective for prevention.
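The copy-then-check order described above, next to a check-then-copy version, as an added C sketch; it is not OpenSatKit's source code or its fix. The function names, the OS_MAX_PATH_LEN value of 64, and append_path_sep (a stand-in for FileUtil_AppendPathSep, whose real signature is not shown on this page) are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define OS_MAX_PATH_LEN 64   /* assumed value for this sketch */

/* Hypothetical stand-in for FileUtil_AppendPathSep: adds a trailing '/'
 * when missing; returns 0 if the result would not fit in BufLen bytes. */
static int append_path_sep(char *Path, size_t BufLen)
{
    size_t Len = strlen(Path);
    if (Len > 0 && Path[Len - 1] == '/') return 1;
    if (Len + 2 > BufLen) return 0;            /* need room for '/' and NUL */
    Path[Len] = '/';
    Path[Len + 1] = '\0';
    return 1;
}

/* Order described in the advisory: copy first, validate afterwards.
 * Adjacent stack memory is already overwritten when the check runs. */
int dir_path_unsafe(const char *DirName)
{
    char DirWithSep[OS_MAX_PATH_LEN];
    strcpy(DirWithSep, DirName);               /* unbounded copy */
    if (!append_path_sep(DirWithSep, sizeof DirWithSep)) return -1; /* too late */
    return (int)strlen(DirWithSep);
}

/* Hardened order: measure the untrusted field, reject, then copy. FieldLen is
 * the size of the DirName field as received; a terminating NUL is not assumed.
 * Returns the resulting path length, or -1 if the command is rejected. */
int dir_path_checked(const char *DirName, size_t FieldLen,
                     char DirWithSep[OS_MAX_PATH_LEN])
{
    const char *Nul = memchr(DirName, '\0', FieldLen);
    if (Nul == NULL) return -1;                /* unterminated field */
    size_t Len = (size_t)(Nul - DirName);
    if (Len >= OS_MAX_PATH_LEN) return -1;     /* would not fit with its NUL */
    memcpy(DirWithSep, DirName, Len + 1);
    if (!append_path_sep(DirWithSep, OS_MAX_PATH_LEN)) return -1;
    return (int)strlen(DirWithSep);
}

int main(void)
{
    char Out[OS_MAX_PATH_LEN], Long[200];
    memset(Long, 'A', sizeof Long);            /* constructed oversized field */
    printf("%d %d\n", dir_path_checked("/cf/data", 9, Out),
           dir_path_checked(Long, sizeof Long, Out));
    return 0;
}
```

The checked variant also rejects a name that fits the buffer but leaves no room for the separator, which is the case a length check placed after the copy was meant to catch.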
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation requires local access and low privileges, allowing an attacker to send a telecommand with an overly long DirName. Successful exploitation can result in high-impact consequences, including unauthorized data access, modification, or destruction (confidentiality and integrity), as well as system crashes or disruption (availability), potentially leading to arbitrary code execution via stack overwrite.
References provided include the OpenSatKit GitHub repository, the v2.2.1 release tag, a GitHub Gist, and raw source code excerpts pinpointing the vulnerable strcpy operation. Practitioners should consult these, particularly the repository, for any available patches, updated releases, or mitigation guidance beyond version 2.2.1.
Details
- CWE(s)