CVE-2025-5555 HIGH

CVE-2025-5555: Nixdorf Wincor PORT IO Driver IOCTL wnport.sys sub_11100 stack-based overflow

Vendor Nixdorf Wincor
Product PORT IO Driver
Weakness CWE-121
Published October 18, 2025
Last update October 20, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.0.1 is able to mitigate this issue. Upgrading the affected component is recommended. The vendor was contacted beforehand and was able to provide a patch very early.

Key dates

02Disclosure timeline

October 18, 2025 CVE published
October 20, 2025 Record updated