CVE-2025-6965

HIGH
2025-07-15 [email protected]
7.2
CVSS 4.0
CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: N

Lifecycle Timeline

Analysis Generated: Apr 14, 2026 - 10:26 (vuln.today)

Description (NVD)

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Analysis (AI)

Memory corruption in SQLite versions before 3.50.2 allows network-based attackers with low privileges to manipulate aggregate queries, causing integrity impacts. The vulnerability stems from improper validation of aggregate terms against available columns (CWE-197), leading to buffer overflow conditions. The CVSS score is 7.2 (High): the attack vector is network, but attack complexity is high (AC:H) and attack requirements are present (AT:P). A vendor-released patch is available in SQLite 3.50.2. There is no confirmed active exploitation (not in CISA KEV), though multiple security advisories from Siemens and the OSS-security mailing list indicate broad downstream impact across industrial control systems and embedded products using SQLite.

Technical Context (AI)

SQLite is an embedded relational database engine widely deployed in applications, mobile devices, browsers, and industrial systems. This vulnerability (CWE-197: Numeric Truncation Error) occurs in the SQL aggregate function processing logic, where the database engine fails to validate that the count of aggregate terms does not exceed the number of columns available in the result set. When this boundary condition is violated, the mismatch triggers out-of-bounds memory access during query execution. The affected component is the SQLite core library (cpe:2.3:a:sqlite:sqlite), which is used across countless downstream products. The CVSS vector indicates a network attack vector (AV:N) but requires authenticated access (PR:L), high attack complexity (AC:H), and attack requirements that are present (AT:P), suggesting that specific query construction knowledge is needed. The vulnerability enables high integrity impact to the vulnerable (VI:H) and subsequent (SI:H) systems, indicating potential for data manipulation or corruption across application boundaries.

Remediation (AI)

Upgrade SQLite to version 3.50.2 or later, which contains the fix for aggregate term validation. The vendor patch is available through the official SQLite source repository at https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8. Organizations using SQLite as an embedded component should check with their application vendors for patched versions incorporating SQLite 3.50.2+.

For systems where immediate patching is not feasible, implement defense-in-depth controls: restrict SQL query construction privileges, validate and sanitize inputs to aggregate functions, apply least-privilege database access controls, and monitor for anomalous aggregate query patterns.

Consult downstream vendor advisories, including Siemens Product CERT bulletins (SSA-225816, SSA-485750), for product-specific remediation guidance. Review the OSS-security mailing list discussion at http://www.openwall.com/lists/oss-security/2025/09/06/1 for additional technical context and mitigation strategies.
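To support the upgrade and vendor-check steps above, the following added example (not code from the advisory or from the SQLite project) reports the SQLite version loaded by the running Python process and the version that last modified a given database file, and flags anything older than 3.50.2. It relies on the documented file header field at offset 96; the function names are illustrative, and a file's header only shows which library last wrote it, not what is installed now.

```python
import sqlite3
import struct

FIXED = (3, 50, 2)              # first fixed release named in the advisory
MAGIC = b"SQLite format 3\x00"  # 16-byte magic at the start of every database file


def runtime_version():
    """Version of the SQLite library this Python process actually loaded."""
    con = sqlite3.connect(":memory:")
    try:
        text = con.execute("select sqlite_version()").fetchone()[0]
    finally:
        con.close()
    return tuple(int(part) for part in text.split(".")[:3])


def writer_version(path):
    """Version of the library that last modified a database file, or None.

    The 100-byte file header stores SQLITE_VERSION_NUMBER as a big-endian
    32-bit integer at offset 96, encoded as X*1000000 + Y*1000 + Z.
    """
    with open(path, "rb") as fh:
        header = fh.read(100)
    if len(header) < 100 or not header.startswith(MAGIC):
        return None  # not a SQLite 3 database file
    (number,) = struct.unpack(">I", header[96:100])
    if number == 0:
        return None  # field is zero: no writer version recorded
    return (number // 1_000_000, number // 1_000 % 1_000, number % 1_000)


def is_affected(version):
    """True when the version predates the fixed release 3.50.2."""
    return version is not None and tuple(version) < FIXED


if __name__ == "__main__":
    import sys
    rt = runtime_version()
    print("runtime", ".".join(map(str, rt)), "AFFECTED" if is_affected(rt) else "ok")
    for path in sys.argv[1:]:
        ver = writer_version(path)
        label = "not a SQLite file" if ver is None else ".".join(map(str, ver))
        print(path, label, "AFFECTED" if is_affected(ver) else "")
```

Run it with database paths collected from an application's data directories to find components that still write with a pre-3.50.2 library.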
