CVE-2025-71263: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in AT&T Bell Labs UNIX
In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-71263 identifies a classic buffer overflow vulnerability (CWE-120) in the 'su' command of AT&T Bell Labs UNIX Fourth Research Edition (v4). The vulnerability stems from the 'password' variable being allocated a fixed buffer size of 100 bytes without proper bounds checking during input copying. A local attacker with access to the system can exploit this flaw by providing an input exceeding 100 bytes, causing a buffer overflow that can overwrite adjacent memory. This memory corruption can be leveraged to escalate privileges to root, compromising system confidentiality, integrity, and availability. The vulnerability has a CVSS v3.1 base score of 7.4, reflecting high impact but limited attack vector (local access required) and high attack complexity. The affected product is no longer supported or widely deployed, primarily existing in legacy or lab environments. No patches or fixes are currently available, and no known exploits have been observed in the wild. The vulnerability highlights the risks of outdated software lacking modern security mitigations such as stack canaries or address space layout randomization (ASLR).
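The defect class the advisory describes is a copy loop that writes every input character into a fixed 100-byte array with no length check. The following is an added illustration of the bounded form a source audit would substitute; it is not the UNIX v4 su source and the input string is a constructed stand-in for the line typed at the prompt.

```c
#include <stdio.h>
#include <string.h>

/* Fixed buffer size named in the advisory. */
#define PASSWORD_SIZE 100

enum pw_status { PW_OK = 0, PW_TOO_LONG = 1 };

/*
 * Bounded replacement for a copy loop that writes every input character
 * into a fixed 100-byte array (illustration code, not the UNIX v4 su
 * source). Characters are copied up to a newline or end of string; if
 * the line would not fit together with its terminator, the buffer is
 * cleared and PW_TOO_LONG is returned instead of writing past `out`.
 */
enum pw_status read_password_bounded(const char *input, char out[PASSWORD_SIZE])
{
    size_t n = 0;

    while (input[n] != '\0' && input[n] != '\n') {
        if (n >= PASSWORD_SIZE - 1) {
            /* Over-long line: reject rather than overflow the buffer. */
            memset(out, 0, PASSWORD_SIZE);
            return PW_TOO_LONG;
        }
        out[n] = input[n];
        n++;
    }
    out[n] = '\0';
    return PW_OK;
}

int main(void)
{
    char buf[PASSWORD_SIZE];
    char longline[160];

    /* Constructed sample inputs: a normal line and a 150-byte line. */
    memset(longline, 'A', 150);
    longline[150] = '\n';
    longline[151] = '\0';

    printf("short: status=%d copied=\"%s\"\n",
           read_password_bounded("hunter2\n", buf), buf);
    printf("long:  status=%d copied=\"%s\"\n",
           read_password_bounded(longline, buf), buf);
    return 0;
}
```

The same check applies to any fixed-size input buffer: the bound is the array size minus one for the terminator, and an over-long line is either truncated deliberately or rejected, never copied in full.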
Potential Impact
If exploited, this vulnerability allows a local attacker to gain root privileges, leading to full system compromise. This includes unauthorized access to sensitive data, modification or deletion of critical files, and disruption of system availability. However, the impact is mitigated by the fact that UNIX v4 is an obsolete operating system rarely used outside of controlled lab environments. Organizations still running this system face significant risk if local user accounts are not tightly controlled. The vulnerability could facilitate lateral movement or privilege escalation within legacy infrastructure, potentially undermining security in research or historical computing setups. Since no remote exploitation is possible, the threat is limited to insiders or attackers with physical or authenticated access.
Mitigation Recommendations
Given the unsupported status of UNIX v4, the primary mitigation is to phase out or isolate affected systems from production and network environments. If continued use is necessary, restrict local user access to trusted personnel only and monitor for unusual activity. Employ system-level controls such as mandatory access controls (MAC) or sandboxing to limit the impact of potential exploitation. Since no official patches exist, consider manually auditing the source and recompiling with added bounds checking if the source code is available. Use virtualization or containerization to encapsulate legacy environments, reducing exposure. Maintain strict physical security and access logging to detect unauthorized local access attempts. Document and segregate legacy systems to prevent cross-contamination with modern infrastructure.
Affected Countries
United States, United Kingdom, Germany, France, Japan, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-03-13T18:38:07.187Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b45b242f860ef94386c25d
Added to database: 3/13/2026, 6:44:52 PM
Last enriched: 3/22/2026, 12:03:17 AM
Last updated: 4/28/2026, 12:55:37 AM
Views: 187