CVE-2025-3408 · HIGH 8.8 · EPSS p32.6%


Description

A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.41% probability of exploitation · percentile 32.6% · 2026-06-19T12:03:05Z
Published: 2025-04-08
Last modified: 2026-05-19

Underlying weaknesses · 2

CWE-189, CWE-190

References

  1. https://vuldb.com/?ctiid.303686
  2. https://vuldb.com/?id.303686
  3. https://vuldb.com/?submit.544230


Type | Target | Confidence | Tier
 | cwe-189 | 0% | live
Weakness | Integer Overflow or Wraparound (cwe-190) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-3407
CVE-2025-3409
CVE-2026-5315
CVE-2026-5314
CVE-2026-5317
CVE-2025-69764

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.