Cyber Resilience

CVE-2025-6965

High

Published: 15 July 2025

Published
15 July 2025
Modified
14 April 2026
KEV Added
Patch
CVSS Score v4 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green
EPSS Score 0.0169 82.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-6965 is a high-severity Numeric Truncation Error (CWE-197) vulnerability in Sqlite Sqlite. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

A vulnerability in SQLite versions prior to 3.50.2 allows the number of aggregate terms in a query to exceed the number of available columns, resulting in memory corruption. The flaw is tracked as CVE-2025-6965 and carries a CVSS 4.0 score of 7.2 with network attack vector, low privileges required, and high attack complexity.

An attacker who can supply or influence SQL statements processed by an affected SQLite instance may trigger the out-of-bounds condition. Successful exploitation can corrupt memory and produce high-integrity impacts on the affected process, though the high complexity and prerequisite access limit the practical attack surface to applications that accept untrusted queries or load attacker-controlled databases.

Public references, including the SQLite commit record and coordinated Full Disclosure postings, direct users to upgrade to version 3.50.2 or later to correct the aggregate-term handling logic. The associated EPSS score remains low at approximately 0.017 with no material increase after disclosure.

EU & UK References

Vulnerability details

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote memory corruption in SQLite enables unauthenticated network exploitation for arbitrary code execution in exposed deployments.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70873Same product: Sqlite Sqlite
CVE-2022-31631Same product: Sqlite Sqlite
CVE-2026-42944Shared CWE-197

Affected Assets

sqlite
sqlite
≤ 3.50.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely flaw remediation by upgrading vulnerable SQLite versions before 3.50.2 to patched version 3.50.2 or later, addressing the memory corruption vulnerability.

prevent

Provides memory protection mechanisms such as address space layout randomization and data execution prevention to mitigate exploitation of SQLite's memory corruption from excess aggregate terms.

detect

Requires vulnerability scanning to identify systems running SQLite versions before 3.50.2 affected by the aggregate terms exceeding columns issue.

References