CVE-2025-70083

7.8 HIGH

📋 TL;DR

A stack buffer overflow vulnerability in OpenSatKit 2.2.1 allows remote attackers to execute arbitrary code by sending specially crafted telecommands with overly long DirName fields. This affects systems running OpenSatKit 2.2.1 that process untrusted ground segment inputs. The vulnerability occurs because strcpy copies untrusted input before length validation.

💻 Affected Systems

Products:
  • OpenSatKit
Versions: 2.2.1
Operating Systems: Any OS running OpenSatKit
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when processing telecommands with DirName field from untrusted sources.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, potential satellite control takeover, or denial of service.

🟠 Likely Case

Application crash or denial of service due to buffer overflow corruption.

🟢 If Mitigated

Limited impact if input validation and boundary checks are implemented before copying.

🌐 Internet-Facing: MEDIUM - Requires ground segment access but could be exploited remotely if telecommands are exposed.
🏢 Internal Only: HIGH - Ground segment systems processing untrusted commands are directly vulnerable.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to send telecommands to vulnerable system. No public exploit available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest release after v2.2.1

Vendor Advisory: https://github.com/OpenSatKit/OpenSatKit

Restart Required: No

Instructions:

1. Update to latest OpenSatKit version.
2. Replace strcpy with strncpy or similar bounded copy.
3. Validate DirName length before copying.

🔧 Temporary Workarounds

Input validation wrapper

all

Add pre-copy validation for DirName length

Implement function to check strlen(DirName) < OS_MAX_PATH_LEN before strcpy
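
One way to write the pre-copy check described above, as an added example that is not OpenSatKit code. The helper name dir_copy_with_sep, the value 64 for OS_MAX_PATH_LEN, and the trailing-separator handling (inferred from the name DirWithSep) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed value for this example; use the constant from your own build. */
#define OS_MAX_PATH_LEN 64

/*
 * Hypothetical helper: copy a telecommand DirName field into dst and make
 * sure it ends with exactly one '/'. dst must hold OS_MAX_PATH_LEN bytes.
 * The pattern the advisory names is strcpy(DirWithSep, DirName) followed by
 * the length check; here every check happens before the first byte is copied.
 * Oversized names are rejected, not truncated: strncpy would cut the path
 * silently and leave dst without a NUL terminator.
 * Returns 0 on success, -1 if the name is empty, unterminated or too long.
 */
int dir_copy_with_sep(char *dst, const char *field, size_t field_size)
{
    /* Bounded search: never read past the command field looking for NUL. */
    const char *nul = memchr(field, '\0', field_size);
    if (nul == NULL)
        return -1;                      /* unterminated field */

    size_t len = (size_t)(nul - field);
    if (len == 0)
        return -1;                      /* empty name */

    size_t need_sep = (field[len - 1] != '/') ? 1 : 0;
    /* Name + optional separator + NUL must fit in the destination. */
    if (len + need_sep + 1 > OS_MAX_PATH_LEN)
        return -1;

    memcpy(dst, field, len);
    if (need_sep)
        dst[len++] = '/';
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char out[OS_MAX_PATH_LEN];
    char longname[200];                 /* constructed oversized field */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("short=%d\n", dir_copy_with_sep(out, "/cf/data", 9));
    printf("long=%d\n", dir_copy_with_sep(out, longname, sizeof longname));
    return 0;
}
```

A rejected command should be answered with an error event rather than processed with a shortened path, so operators can see the oversized field in telemetry.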

🧯 If You Can't Patch

  • Implement network segmentation to restrict telecommand sources
  • Deploy runtime protection like stack canaries or ASLR

🔍 How to Verify

Check if Vulnerable:

Check if running OpenSatKit 2.2.1 and review dir.c for strcpy(DirWithSep, DirName) without prior length check.

Check Version:

Check OpenSatKit version in configuration or build metadata

Verify Fix Applied:

Confirm strcpy replaced with bounded copy function and length validation occurs before copying.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Stack corruption errors
  • Unexpected process termination

Network Indicators:

  • Unusually long DirName fields in telecommand traffic

SIEM Query:

Search for process crashes related to filemgr or DirName processing
