A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.
Conclusion & alert: CVE-2017-6025 is rated High Risk (67.9/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 2.00%). Core evidence: EPSS rose +1.37% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.63% | 2.00% | +1.37% |
| 2 | 2025-03-30 | 0.94% | 0.63% | -0.31% |
| 3 | 2025-03-29 | — | 0.94% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.0 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| codesys | web_server | <= 2.3 | cpe:2.3:a:codesys:web_server:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/97174 | Third Party Advisory VDB Entry |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02 | Third Party Advisory US Government Resource |