CVE-2025-6965
Published: 15 July 2025
Summary
CVE-2025-6965 is a critical-severity Numeric Truncation Error (CWE-197) vulnerability in Sqlite Sqlite. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely flaw remediation by upgrading vulnerable SQLite versions before 3.50.2 to patched version 3.50.2 or later, addressing the memory corruption vulnerability.
Provides memory protection mechanisms such as address space layout randomization and data execution prevention to mitigate exploitation of SQLite's memory corruption from excess aggregate terms.
Requires vulnerability scanning to identify systems running SQLite versions before 3.50.2 affected by the aggregate terms exceeding columns issue.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote memory corruption in SQLite enables unauthenticated network exploitation for arbitrary code execution in exposed deployments.
NVD Description
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Deeper analysisAI
CVE-2025-6965 is a vulnerability in SQLite versions before 3.50.2, where the number of aggregate terms could exceed the number of columns available, leading to a memory corruption issue (CWE-197). Published on 2025-07-15, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for widespread impact.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, typically through memory corruption that could allow arbitrary code execution or system crashes in affected SQLite deployments.
SQLite advisories recommend upgrading to version 3.50.2 or above as the primary mitigation. Further details are provided in references such as the SQLite source information page at https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 and Full Disclosure mailing list posts from September 2025.
Details
- CWE(s)