CVE-2025-3277 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-3277 PUBLISHED CVSS 9.800000190734863 CRITICAL

An integer overflow can be triggered in SQLite's concat_ws() function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild heap buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

EPSS 0.74% · 72.9th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

0.74%

72.9th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB Ability Camera Connect <=2.0.0.42
ABB	ABB B&R Automation Studio <6.5

Timeline

Apr 14, 2025 CVE Published
Apr 15, 2025 EPSS Score
Apr 27, 2025 EPSS Score
May 9, 2025 EPSS Score
May 21, 2025 EPSS Score
May 21, 2025 Coalition ESS Score
May 27, 2025 CVE Updated
Jun 1, 2025 EPSS Score
Jun 13, 2025 EPSS Score
Jun 25, 2025 EPSS Score
Jul 7, 2025 EPSS Score
Jul 19, 2025 EPSS Score

References

Open in Interactive Console →