CVE-2025-6965: Integer Truncation on SQLite

7.2 CVSS

Description

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Classification

CVE ID: CVE-2025-6965

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green

Problem Types

CWE-197: Numeric Truncation Error

Affected Products

Vendor: SQLite

Product: SQLite

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-6965
https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
