CVE-2025-70873
Published: 12 March 2026
Summary
CVE-2025-70873 is a high-severity Heap Inspection (CWE-244) vulnerability in SQLite. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 15.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote, unauthenticated information disclosure via crafted input directly enables exploitation of public-facing SQLite-based applications (T1190) and extraction of sensitive in-memory data from the local system (T1005).
NVD Description
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
Deeper analysis
CVE-2025-70873 is an information disclosure vulnerability affecting the zipfileInflate function within the zipfile extension of SQLite versions 3.51.1 and earlier. By supplying a crafted ZIP file, attackers can trigger the issue to expose heap memory contents. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-244. It was published on 2026-03-12.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows disclosure of sensitive heap memory data from the affected SQLite process, potentially revealing confidential information such as keys, tokens, or other in-memory data depending on the application's usage of the zipfile extension.
Mitigation details and patches are documented in SQLite advisories, including the source code check-in at https://sqlite.org/src/info/3d459f1fb1bd1b5e, a forum discussion at https://sqlite.org/forum/forumpost/761eac3c82, and a technical gist at https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054. Security practitioners should upgrade to a patched SQLite version beyond 3.51.1.
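The following is an added example for defenders; it is not code from the advisory or from the SQLite project. It checks whether the SQLite library linked into a process is 3.51.1 or earlier (the range the NVD description names as affected) and whether the zipfile table-valued function is registered in that process at all, since the flaw lives in that optional extension. The fixed release number is not stated on this page, so anything at or below 3.51.1 is treated as affected; the error-message heuristic used to detect the module is an assumption of this example, not something the page documents.

```python
"""Exposure check for CVE-2025-70873 (SQLite zipfile extension heap disclosure).

Added example, not from the advisory or the SQLite project. Two defender
questions are answered for the current process: (1) is the linked SQLite
library at or below 3.51.1, the last version the advisory names as affected,
and (2) is the zipfile virtual-table module reachable from SQL here. The fix
version is not given on the page, so every version <= 3.51.1 counts as affected.
"""
import re
import sqlite3

LAST_AFFECTED = (3, 51, 1)  # from the advisory: "SQLite v3.51.1 and earlier"


def parse_version(version: str) -> tuple:
    """Turn '3.51.1' or '3.45.0.1' into a comparable (major, minor, patch) tuple.

    Missing trailing components are padded with zeros so '3.51' == (3, 51, 0);
    a fourth component (SQLite's occasional branch release) is ignored.
    Anything that is not a dotted integer string raises ValueError.
    """
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unrecognised SQLite version string: {version!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected_version(version: str) -> bool:
    """True when the library version is 3.51.1 or earlier."""
    return parse_version(version) <= LAST_AFFECTED


def zipfile_module_available(conn: sqlite3.Connection) -> bool:
    """Probe whether the zipfile table-valued function is registered.

    Assumption (not from the page): calling an unregistered table-valued
    function fails with 'no such table: zipfile', whereas a registered module
    fails later, on the deliberately nonexistent path, with a different
    message. Any other OperationalError therefore means the module exists.
    """
    try:
        conn.execute("SELECT name FROM zipfile(?) LIMIT 1",
                     ("/nonexistent/cve-2025-70873-probe.zip",))
    except sqlite3.OperationalError as exc:
        msg = str(exc).lower()
        return not ("no such table" in msg or "no such module" in msg)
    return True


def assess(version: str, conn: sqlite3.Connection) -> dict:
    """Combine both checks into a finding an inventory scanner could record."""
    affected = is_affected_version(version)
    reachable = zipfile_module_available(conn)
    if affected and reachable:
        verdict = "exposed: affected version and zipfile module loaded"
    elif affected:
        verdict = "affected library version, zipfile module not loaded here"
    else:
        verdict = "not affected by version"
    return {"version": version, "affected_version": affected,
            "zipfile_module": reachable, "verdict": verdict}


def assess_current_process() -> dict:
    """Run the assessment against the SQLite library linked into this interpreter."""
    conn = sqlite3.connect(":memory:")
    try:
        return assess(sqlite3.sqlite_version, conn)
    finally:
        conn.close()


if __name__ == "__main__":
    print(assess_current_process())
```

Run it inside the interpreter or service that actually loads the zipfile extension: Python's bundled sqlite3 module normally does not register zipfile, so a "module not loaded" result there says nothing about a separately linked libsqlite3 or the sqlite3 command-line shell, which should be checked with the same version comparison.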
Details
- CWE(s)