
CVE-2025-70873

Severity: High · Public PoC

Published: 12 March 2026
Modified: 16 April 2026
KEV Added: not listed
Patch: available (see Deeper analysis)
CVSS Score (v3.1): 7.5 · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.0005 (16.6th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-70873 is a high-severity Heap Inspection (CWE-244) vulnerability in SQLite (vendor/product: Sqlite Sqlite). Its CVSS base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 16.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-70873 is an information disclosure vulnerability affecting the zipfileInflate function within the zipfile extension of SQLite versions 3.51.1 and earlier. By supplying a crafted ZIP file, attackers can trigger the issue and expose heap memory contents. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-244. It was published on 2026-03-12.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows disclosure of sensitive heap memory data from the affected SQLite process, potentially revealing confidential information such as keys, tokens, or other in-memory data depending on the application's usage of the zipfile extension.

Mitigation details and patches are documented in SQLite advisories, including the source code check-in at https://sqlite.org/src/info/3d459f1fb1bd1b5e, a forum discussion at https://sqlite.org/forum/forumpost/761eac3c82, and a technical gist at https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054. Security practitioners should upgrade to a patched SQLite version beyond 3.51.1.


Vulnerability details

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

CWE(s): CWE-244 (Heap Inspection)

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Remote unauthenticated info disclosure via crafted input directly enables exploitation of public-facing SQLite-based applications (T1190) and extraction of sensitive in-memory data from the local system (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-6965 · Same product: Sqlite Sqlite
- CVE-2025-26304 · Shared CWE-244
- CVE-2022-31631 · Same product: Sqlite Sqlite
- CVE-2025-26305 · Shared CWE-244
- CVE-2025-1722 · Shared CWE-244
- CVE-2025-1719 · Shared CWE-244
- CVE-2026-20039 · Shared CWE-244

Affected Assets

Vendor: sqlite
Product: sqlite
Versions: ≤ 3.51.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) [AI]

- prevent · SI-2 (Flaw Remediation): Directly requires timely remediation of the specific flaw in SQLite v3.51.1 and earlier via patching to fixed versions as advised.
- prevent: Implements heap memory protections such as randomization and isolation to mitigate unauthorized disclosure of heap contents triggered by crafted ZIP files.
- prevent · SI-10 (Information Input Validation): Requires validation of ZIP file inputs to the SQLite zipfile extension to block crafted files that exploit the zipfileInflate function.
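The SI-10 control above and the zipfileInflate description in Deeper analysis both come down to the same defensive step: check a ZIP archive's internal consistency before an application passes it to the SQLite zipfile extension. The following is an added example written for this record; it is not SQLite code and not part of the original page. The page does not say how the crafted ZIP triggers the disclosure, so the checker assumes that a mismatch between the uncompressed size an entry declares and the number of bytes inflate actually produces is the kind of inconsistency to reject; it also verifies the CRC-32 and that the local header agrees with the central directory. The sample archive and its tampered copy are constructed inline.

```python
"""Pre-validate ZIP input before a consumer such as SQLite's zipfile extension sees it.

Added example, not SQLite code. Assumption (not stated on the page): a crafted ZIP
carries header fields that disagree with the actual deflate stream, so every entry's
inflated length and CRC-32 are checked against what the headers declare.
"""
import io
import struct
import zipfile
import zlib

EOCD_SIG = b"PK\x05\x06"   # end of central directory
CDIR_SIG = b"PK\x01\x02"   # central directory file header
LFH_SIG = b"PK\x03\x04"    # local file header
STORED, DEFLATE = 0, 8
FLAG_DATA_DESCRIPTOR = 1 << 3


def central_directory(data: bytes):
    """Yield one dict per central-directory entry (the authoritative index of a ZIP)."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, n_total, _, cd_offset, _ = struct.unpack_from("<HHHHIIH", data, eocd + 4)
    pos = cd_offset
    for _ in range(n_total):
        if data[pos:pos + 4] != CDIR_SIG:
            raise ValueError("bad central-directory signature at offset %d" % pos)
        (_, _, flags, method, _, _, crc, csize, usize,
         nlen, elen, clen, _, _, _, lho) = struct.unpack_from("<HHHHHHIIIHHHHHII", data, pos + 4)
        yield {
            "cd_pos": pos,
            "name": data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace"),
            "flags": flags, "method": method, "crc": crc,
            "csize": csize, "usize": usize, "lho": lho,
        }
        pos += 46 + nlen + elen + clen


def validate_zip(data: bytes) -> list:
    """Return (name, problem) findings; an empty list means every entry is self-consistent."""
    findings = []
    for e in central_directory(data):
        lho = e["lho"]
        if data[lho:lho + 4] != LFH_SIG:
            findings.append((e["name"], "local header signature missing"))
            continue
        (_, lflags, lmethod, _, _, lcrc, lcsize, lusize,
         lnlen, lelen) = struct.unpack_from("<HHHHHIIIHH", data, lho + 4)
        start = lho + 30 + lnlen + lelen
        blob = data[start:start + e["csize"]]
        if len(blob) != e["csize"]:
            findings.append((e["name"], "compressed data truncated"))
            continue
        if e["method"] == STORED:
            out = blob
        elif e["method"] == DEFLATE:
            d = zlib.decompressobj(-15)  # raw deflate, as stored inside a ZIP
            try:
                out = d.decompress(blob) + d.flush()
            except zlib.error as exc:
                findings.append((e["name"], "inflate failed: %s" % exc))
                continue
            if not d.eof:
                findings.append((e["name"], "deflate stream not terminated"))
        else:
            findings.append((e["name"], "unsupported method %d" % e["method"]))
            continue
        # Core check: bytes the header promises versus bytes inflate actually produced.
        if len(out) != e["usize"]:
            findings.append((e["name"], "declared uncompressed size %d, actual %d"
                             % (e["usize"], len(out))))
        if (zlib.crc32(out) & 0xFFFFFFFF) != e["crc"]:
            findings.append((e["name"], "CRC-32 mismatch"))
        # Local header must agree with the central directory unless a data descriptor is used.
        if not (lflags & FLAG_DATA_DESCRIPTOR) and \
                (lusize, lcsize, lcrc) != (e["usize"], e["csize"], e["crc"]):
            findings.append((e["name"], "local header disagrees with central directory"))
    return findings


def build_samples():
    """Constructed test data: a well-formed archive and a copy whose size fields were raised."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", b"hello from a constructed sample " * 8)  # 256 bytes
    good = buf.getvalue()
    bad = bytearray(good)
    e = next(central_directory(good))
    # Overstate the uncompressed size by 64 bytes in both the central directory and the local header.
    struct.pack_into("<I", bad, e["cd_pos"] + 24, e["usize"] + 64)
    struct.pack_into("<I", bad, e["lho"] + 22, e["usize"] + 64)
    return good, bytes(bad)


if __name__ == "__main__":
    good, bad = build_samples()
    print("well-formed:", validate_zip(good))
    print("tampered:   ", validate_zip(bad))
```

The central directory is parsed by hand rather than through Python's zipfile reader so that the check reflects exactly the fields a consumer would trust; an archive that produces any finding should be rejected before it reaches the zipfile extension, regardless of whether the SQLite build in use is patched.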
