CVE-2025-3277
CVE Details
Visit the official vulnerability details page for CVE-2025-3277 to learn more.
Initial Publication
04/16/2025
Last Update
09/15/2025
Third Party Dependency
sqlite-libs
NIST CVE Summary
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
CVE Severity
Our Official Summary
An integer overflow vulnerability has been identified in SQLite's concat_ws() function. The issue occurs when processing specific database queries, where the resulting truncated integer is used as a length parameter for memory allocation, potentially leading to crashes, unpredictable behavior, data corruption, or in some cases, arbitrary code execution.
This vulnerability has been reported in python libraries images used by the process to run kube-hunter.
In the affected images, multiple security controls are already in place:
- The images are execute only when kube-hunter functionality is executed.
- An attacker would require privileged access within the cluster to attempt exploitation.
- The containers do not permit arbitrary code execution, further mitigating risk.
As a result, the practical impact of this vulnerability is low, with the containerized deployment model significantly reducing the overall attack surface.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 09/15/2025 | Status changed from Open to Ongoing |
| 09/15/2025 | Official summary added |