CVE-2025-70085
Published: 11 February 2026
Summary
CVE-2025-70085 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Opensatkit Opensatkit. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates identification, reporting, and correction of the stack buffer overflow flaw in OpenSatKit's file.c by patching unsafe sprintf calls with bounded alternatives.
Requires validation of filename inputs to ensure combined lengths with constant text do not exceed the 256-byte EventErrStr buffer, preventing the overflow.
Implements memory protections such as stack canaries, ASLR, and DEP to prevent unauthorized code execution even if the buffer overflow occurs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote network-accessible stack buffer overflow in file manager component directly enables exploitation of a public-facing application for arbitrary code execution (T1190).
NVD Description
An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checking and…
more
without using bounded format specifiers such as %.*s. If the filename length approaches OS_MAX_PATH_LEN (commonly 64-256 bytes), the combined formatted string together with constant text can exceed 256 bytes, resulting in a stack buffer overflow. Such unsafe sprintf calls are scattered across multiple functions in file.c, including FILE_ConcatenateCmd() and ConcatenateFiles(), all of which fail to validate the output length.
Deeper analysisAI
CVE-2025-70085, published on 2026-02-11, is a stack buffer overflow vulnerability (CWE-121) in OpenSatKit version 2.2.1. The flaw resides in the file manager component at cfs/apps/filemgr/fsw/src/file.c, where the EventErrStr buffer is fixed at 256 bytes. Code in multiple functions, including FILE_ConcatenateCmd() and ConcatenateFiles(), uses sprintf to format two filenames—Source1Filename and the string from FileUtil_FileStateStr—without length validation or bounded specifiers like %.*s. Filenames approaching OS_MAX_PATH_LEN (typically 64-256 bytes), combined with constant text, exceed the buffer size, triggering the overflow.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating network-accessible exploitation with low attack complexity, no privileges, no user interaction, and unchanged scope. Remote attackers can trigger the buffer overflow, potentially achieving high-impact compromise of confidentiality, integrity, and availability, such as arbitrary code execution on affected systems running the vulnerable OpenSatKit instance.
References provided include a GitHub Gist (https://gist.github.com/jonafk555) likely detailing the discovery, the OpenSatKit repository (https://github.com/OpenSatKit/OpenSatKit), the v2.2.1 release page (https://github.com/OpenSatKit/OpenSatKit/releases/tag/v2.2.1), and the vulnerable source file (https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/file.c). No explicit patch or mitigation guidance is detailed in the CVE description.
Details
- CWE(s)