CVE-2025-7458 MEDIUM

CVE-2025-7458: SQLite integer overflow in key info allocation may lead to information disclosure.

Vendor Sqlite
Product SQLite
Weakness CWE-190
Published July 29, 2025
Last update July 29, 2025

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Key dates

02 Disclosure timeline

July 29, 2025 CVE published
July 29, 2025 Record updated