CVE-2025-6965 HIGH

CVE-2025-6965: Integer Truncation on SQLite

Vendor Sqlite
Product SQLite
Weakness CWE-197
Published July 15, 2025
Last update April 29, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green

What the vulnerability does

01Description

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Key dates

02Disclosure timeline

July 15, 2025 CVE published
April 29, 2026 Record updated