CVE-2025-3277 — Vulnetix

CVE-2025-3277 PUBLISHED CVSS 9.800000190734863 CRITICAL

An integer overflow vulnerability exists in SQLite's concat_ws() function that can lead to a massive heap buffer overflow. When triggered, the integer overflow results in a truncated size value being used for buffer allocation, while the original untruncated size is used for writing the resulting string, causing a heap buffer overflow of approximately 4GB.

EPSS 0.11% · 28.5th percentile

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

0.11%

28.5th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB Ability Camera Connect <=2.0.0.42
ABB	B&R Industrial Automation GmbH Automation Studio <6.5
ABB	ABB B&R Automation Studio <6.5

Exploit Intelligence

CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)
CVE-2025-38062.yara (github-yara)

…and 12 more exploits

Timeline

Apr 14, 2025 CVE Published
Apr 15, 2025 EPSS Score
Apr 27, 2025 EPSS Score
May 10, 2025 EPSS Score
May 21, 2025 Coalition ESS Score
May 22, 2025 EPSS Score
May 27, 2025 CVE Updated
Jun 4, 2025 EPSS Score
Jun 16, 2025 EPSS Score
Jun 28, 2025 EPSS Score
Jul 11, 2025 EPSS Score
Jul 23, 2025 EPSS Score

References

Open in Interactive Console →