Published On: Dec 14, 2025 20:53
Advisory No: TZCERT-SA-25-0130
Source: HP
Software Affected: HPE Virtualized Telecommunication Management Information Platform (vTeMIP)
HPE Virtualized Telecommunication Management Information Platform (vTeMIP) is affected by critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
HPE vTeMIP is affected by vulnerabilities tracked as CVE-2025-3277 and CVE-2025-6965 with CVSS scores of 9.8 each. The vulnerabilities result from integer overflow in SQLite’s `concat_ws()` function, and the number of aggregate terms could exceed the number of columns available. The vulnerabilities allow a remote attacker to perform memory corruption, buffer overflow, or cause a denial of service (DoS) condition.
Successful exploitation of these vulnerabilities may allow the attackers to take control of the affected system.
HP has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.
