← back
CVE-2025-6965

Integer Truncation on SQLite

CVSS 7.2 HIGHEPSS 64.9%CWE-197
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green
Affected products
SQLite · SQLite
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52499unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/html/ssa-225816.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-485750.htmlhttp://seclists.org/fulldisclosure/2025/Sep/49http://seclists.org/fulldisclosure/2025/Sep/53http://seclists.org/fulldisclosure/2025/Sep/56http://seclists.org/fulldisclosure/2025/Sep/57http://seclists.org/fulldisclosure/2025/Sep/58https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8http://www.openwall.com/lists/oss-security/2025/09/06/1