Skip to main content
CVE-2025-6965 HIGH POC PATCH CISA Act Now

Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggregate queries causing integrity impacts. The vulnerability stems from improper validation of aggregate terms against available columns (CWE-197), leading to buffer overflow conditions. CVSS 7.2 (High) with network attack vector but high complexity and partial attack complexity requirements. Vendor-released patch available in SQLite 3.50.2. No confirmed active exploitation (not in CISA KEV), though multiple security advisories from Siemens and OSS-security mailing lists indicate broad downstream impact across industrial control systems and embedded products using SQLite.

Buffer Overflow Sqlite
NVD Exploit-DB VulDB
CVSS 4.0
7.2
EPSS
1.5%
Threat
5.0

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy