CVE-2025-3409: Nothings stb stb_include_string stack-based overflow
First published: Tue Apr 08 2025(Updated: )
A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nothing OS | <=f056911 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-3409?
CVE-2025-3409 is classified as a critical severity vulnerability.
How do I fix CVE-2025-3409?
To mitigate CVE-2025-3409, update Nothings stb to a version higher than f056911.
What component is affected by CVE-2025-3409?
CVE-2025-3409 affects the stb_include_string function in Nothings stb.
What type of vulnerability is CVE-2025-3409?
CVE-2025-3409 is a stack-based buffer overflow vulnerability.
Can CVE-2025-3409 be exploited remotely?
Yes, CVE-2025-3409 can be exploited remotely.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- vendor/nothings
- canonical/nothing os