Cyber Resilience

CVE-2025-70085

Critical

Published: 11 February 2026

Published
11 February 2026
Modified
17 February 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0053 40.7th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-70085 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Opensatkit Opensatkit. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-70085, published on 2026-02-11, is a stack buffer overflow vulnerability (CWE-121) in OpenSatKit version 2.2.1. The flaw resides in the file manager component at cfs/apps/filemgr/fsw/src/file.c, where the EventErrStr buffer is fixed at 256 bytes. Code in multiple functions, including FILE_ConcatenateCmd() and ConcatenateFiles(), uses sprintf to format two filenames—Source1Filename and the string from FileUtil_FileStateStr—without length validation or bounded specifiers like %.*s. Filenames approaching OS_MAX_PATH_LEN (typically 64-256 bytes), combined with constant text, exceed the buffer size, triggering the overflow.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating network-accessible exploitation with low attack complexity, no privileges, no user interaction, and unchanged scope. Remote attackers can trigger the buffer overflow, potentially achieving high-impact compromise of confidentiality, integrity, and availability, such as arbitrary code execution on affected systems running the vulnerable OpenSatKit instance.

References provided include a GitHub Gist (https://gist.github.com/jonafk555) likely detailing the discovery, the OpenSatKit repository (https://github.com/OpenSatKit/OpenSatKit), the v2.2.1 release page (https://github.com/OpenSatKit/OpenSatKit/releases/tag/v2.2.1), and the vulnerable source file (https://raw.githubusercontent.com/OpenSatKit/OpenSatKit/master/cfs/apps/filemgr/fsw/src/file.c). No explicit patch or mitigation guidance is detailed in the CVE description.

EU & UK References

Vulnerability details

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checking and…

more

without using bounded format specifiers such as %.*s. If the filename length approaches OS_MAX_PATH_LEN (commonly 64-256 bytes), the combined formatted string together with constant text can exceed 256 bytes, resulting in a stack buffer overflow. Such unsafe sprintf calls are scattered across multiple functions in file.c, including FILE_ConcatenateCmd() and ConcatenateFiles(), all of which fail to validate the output length.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote network-accessible stack buffer overflow in file manager component directly enables exploitation of a public-facing application for arbitrary code execution (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70083Same product: Opensatkit Opensatkit
CVE-2025-70084Same product: Opensatkit Opensatkit
CVE-2026-38422Shared CWE-121
CVE-2025-11783Shared CWE-121
CVE-2025-54491Shared CWE-121
CVE-2024-39359Shared CWE-121
CVE-2026-42469Shared CWE-121
CVE-2020-37159Shared CWE-121
CVE-2024-39603Shared CWE-121
CVE-2024-36258Shared CWE-121

Affected Assets

opensatkit
opensatkit
2.2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates identification, reporting, and correction of the stack buffer overflow flaw in OpenSatKit's file.c by patching unsafe sprintf calls with bounded alternatives.

prevent

Requires validation of filename inputs to ensure combined lengths with constant text do not exceed the 256-byte EventErrStr buffer, preventing the overflow.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to prevent unauthorized code execution even if the buffer overflow occurs.

References