CVE-2025-6965 - Vulnerability Details

Description

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Published: 2025-07-15

Score: 7.2 High

EPSS: 1.0% Low

KEV: No

Impact:

Action:

Analysis

Impact

This issue arises when the number of aggregate terms in a query exceeds the number of available columns, causing an integer truncation error that leads to memory corruption. The resulting overwrite can crash the application or, if an attacker can influence the memory layout, lead to arbitrary code execution. The weakness is classified as CWE-197.

Affected Systems

SQLite databases reported for versions prior to 3.50.2 are affected. The CVE specifically lists SQLite SQLite as the vendor, and the affected version range is all releases before 3.50.2.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity, while the EPSS score of 1% suggests that exploitation is not yet widespread but possible. The vulnerability is not listed in CISA KEV. Attackers could possibly exploit the flaw by submitting crafted SQL statements that trigger the aggregate over‑allocation; this is inferred from the description and typical usage of SQLite. Successful exploitation would require ability to run SQL against the vulnerable SQLite instance, which may be local or exposed over a network depending on the application design.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SQLite

unaffected

Version	Status	Constraints
`0`	affected	< 3.50.2

Configuration 1 [-]

cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Sqlite	Sqlite	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the SQLite engine to version 3.50.2 or later to apply the fix for the integer truncation error.
If an upgrade cannot be performed immediately, validate and constrain any input that generates aggregate queries to ensure the number of terms does not exceed the number of columns or otherwise trigger the vulnerability, mitigating the risk of memory corruption.
Apply any additional vendor-supplied safeguards such as input sanitization or access controls that limit the creation or execution of complex aggregate queries, especially when processing untrusted data.

Generated by OpenCVE AI on April 20, 2026 at 16:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-21441	There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Ubuntu USN	USN-7676-1	SQLite vulnerability
Ubuntu USN	USN-7679-1	SQLite vulnerabilities

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact High

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01018.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Sep/49
http://seclists.org/fulldisclosure/2025/Sep/53
http://seclists.org/fulldisclosure/2025/Sep/56
http://seclists.org/fulldisclosure/2025/Sep/57
http://seclists.org/fulldisclosure/2025/Sep/58
http://www.openwall.com/lists/oss-security/2025/09/06/1
https://cert-portal.siemens.com/productcert/html/ssa-225816.html
https://cert-portal.siemens.com/productcert/html/ssa-485750.html
https://nvd.nist.gov/vuln/detail/CVE-2025-6965
https://www.cve.org/CVERecord?id=CVE-2025-6965
https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8

History

Tue, 14 Apr 2026 10:30:00 +0000

Type	Values Removed	Values Added
References		https://cert-portal.siemens.com/productcert/html/ssa-225816.html https://cert-portal.siemens.com/productcert/html/ssa-485750.html

Tue, 04 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/09/06/1

Mon, 03 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Sep/49 http://seclists.org/fulldisclosure/2025/Sep/53 http://seclists.org/fulldisclosure/2025/Sep/56 http://seclists.org/fulldisclosure/2025/Sep/57 http://seclists.org/fulldisclosure/2025/Sep/58

Tue, 22 Jul 2025 17:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:sqlite:sqlite::::::::
Metrics	cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L'}`	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics		epss `{'score': 0.00042}`

Wed, 16 Jul 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.cve.org/CVERecord?id=CVE-2025-6965
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L'}` threat_severity `Important`

Tue, 15 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 15 Jul 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Title		Integer Truncation on SQLite
Weaknesses		CWE-197
References		https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
Metrics		cvssV4_0 `{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green'}`

Subscriptions

Sqlite Sqlite

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2025-07-15T13:44:00.784Z

Updated: 2026-04-29T03:55:46.708Z

Reserved: 2025-07-01T09:19:04.750Z

Link: CVE-2025-6965

Vulnrichment

Updated: 2025-11-04T21:14:51.528Z

NVD

Status : Modified

Published: 2025-07-15T14:15:31.080

Modified: 2026-04-14T10:16:29.853

Link: CVE-2025-6965

Redhat

Severity : Important

Publid Date: 2025-07-15T13:44:00Z

Links: CVE-2025-6965 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T17:00:12Z

Weaknesses

CWE-197

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact High

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object