CVE-2025-6965
CRITICALDescription
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
CVSS v3.1 Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Type (CWE)
CWE-197
CWE-197
Affected Products
| Vendor | Product |
|---|---|
| sqlite | sqlite |
References
Advisories & Patches
Other References
http://seclists.org/fulldisclosure/2025/Sep/49
http://seclists.org/fulldisclosure/2025/Sep/53
http://seclists.org/fulldisclosure/2025/Sep/56
http://seclists.org/fulldisclosure/2025/Sep/57
http://seclists.org/fulldisclosure/2025/Sep/58
http://www.openwall.com/lists/oss-security/2025/09/06/1
https://cert-portal.siemens.com/productcert/html/ssa-225816.html
https://cert-portal.siemens.com/productcert/html/ssa-485750.html
Frequently Asked Questions
What is CVE-2025-6965? +
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2025-6965? +
CVE-2025-6965 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-6965? +
CVE-2025-6965 affects products from sqlite, specifically: sqlite. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-6965? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.
Related Vulnerabilities
CVE-2024-43639
9.8
Windows KDC Proxy Remote Code Execution Vulnerability
CVE-2024-28944
8.8
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-21391
8.8
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21440
8.8
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21352
8.8
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21451
8.8
Microsoft ODBC Driver Remote Code Execution Vulnerability