{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6965", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2025-07-01T09:19:04.750Z", "datePublished": "2025-07-15T13:44:00.784Z", "dateUpdated": "2026-04-29T03:55:46.708Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.sqlite.org/src", "defaultStatus": "unaffected", "packageName": "expr.c", "product": "SQLite", "programFiles": ["expr.c"], "vendor": "SQLite", "versions": [{"lessThan": "3.50.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Vlad Stolyarov of Google's Threat Analysis Group, with assistance from Google Big Sleep"}], "datePublic": "2025-06-27T22:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above."}], "value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above."}], "impacts": [{"capecId": "CAPEC-679", "descriptions": [{"lang": "en", "value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.2, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-197", "description": "CWE-197: Numeric Truncation Error", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2025-07-15T13:44:00.784Z"}, "references": [{"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"}], "source": {"discovery": "UNKNOWN"}, "title": "Integer Truncation on SQLite", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-6965"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-29T03:55:46.708Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/57"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/56"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/58"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/49"}, {"url": "http://www.openwall.com/lists/oss-security/2025/09/06/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:14:51.528Z"}}, {"x_adpType": "supplier", "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-04-14T08:58:07.313Z"}, "affected": [{"vendor": "Siemens", "product": "RUGGEDCOM CROSSBOW Station Access Controller (SAC)", "versions": [{"status": "affected", "version": "0", "lessThan": "V5.8", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIDIS Prime", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0.800", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-225816.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/57"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/56"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/58"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/49"}, {"url": "http://www.openwall.com/lists/oss-security/2025/09/06/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:14:51.528Z"}}, {"affected": [{"vendor": "Siemens", "product": "RUGGEDCOM CROSSBOW Station Access Controller (SAC)", "versions": [{"status": "affected", "version": "0", "lessThan": "V5.8", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIDIS Prime", "versions": [{"status": "affected", "version": "0", "lessThan": "V4.0.800", "versionType": "custom"}], "defaultStatus": "unknown"}], "x_adpType": "supplier", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-225816.html"}], "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-04-14T08:58:07.313Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6965", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-15T13:55:28.325825Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T13:55:30.882Z"}}], "cna": {"title": "Integer Truncation on SQLite", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Vlad Stolyarov of Google's Threat Analysis Group, with assistance from Google Big Sleep"}], "impacts": [{"capecId": "CAPEC-679", "descriptions": [{"lang": "en", "value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 7.2, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SQLite", "product": "SQLite", "versions": [{"status": "affected", "version": "0", "lessThan": "3.50.2", "versionType": "semver"}], "packageName": "expr.c", "programFiles": ["expr.c"], "collectionURL": "https://www.sqlite.org/src", "defaultStatus": "unaffected"}], "datePublic": "2025-06-27T22:00:00.000Z", "references": [{"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "supportingMedia": [{"type": "text/html", "value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-197", "description": "CWE-197: Numeric Truncation Error"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2025-07-15T13:44:00.784Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6965", "state": "PUBLISHED", "dateUpdated": "2026-04-29T03:55:46.708Z", "dateReserved": "2025-07-01T09:19:04.750Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2025-07-15T13:44:00.784Z", "assignerShortName": "Google"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1739DFA-8AEF-4CDE-9CB8-A1B601EA6FDB", "versionEndExcluding": "3.50.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above."}, {"lang": "es", "value": "Existe una vulnerabilidad en las versiones de SQLite anteriores a la 3.50.2 donde el n\u00famero de t\u00e9rminos agregados podr\u00eda exceder el n\u00famero de columnas disponibles. Esto podr\u00eda causar un problema de corrupci\u00f3n de memoria. Recomendamos actualizar a la versi\u00f3n 3.50.2 o superior."}], "id": "CVE-2025-6965", "lastModified": "2026-04-14T10:16:29.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "LOW"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2025-07-15T14:15:31.080", "references": [{"source": "cve-coordination@google.com", "tags": ["Patch"], "url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/49"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/53"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/57"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/58"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/09/06/1"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-225816.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-197"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{"bugzilla": {"description": "sqlite: Integer Truncation in SQLite", "id": "2380149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "status": "draft"}, "cwe": "CWE-197", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-6965", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mingw-sqlite", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "nodejs:22/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "rust-toolset:rhel8/rust", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nodejs:22/nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-07-15T13:44:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6965\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6965\nhttps://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"], "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T16:56:29.167333+00:00", "value": {"mitigation_remediation": ["Upgrade the SQLite engine to version 3.50.2 or later to apply the fix for the integer truncation error.", "If an upgrade cannot be performed immediately, validate and constrain any input that generates aggregate queries to ensure the number of terms does not exceed the number of columns or otherwise trigger the vulnerability, mitigating the risk of memory corruption.", "Apply any additional vendor-supplied safeguards such as input sanitization or access controls that limit the creation or execution of complex aggregate queries, especially when processing untrusted data."], "summary": {"action": "Upgrade", "impact": "Memory corruption potentially leading to arbitrary code execution"}, "threat_synthesis": {"affected_systems": "SQLite databases reported for versions prior to 3.50.2 are affected. The CVE specifically lists SQLite SQLite as the vendor, and the affected version range is all releases before 3.50.2.", "description_and_impact": "This issue arises when the number of aggregate terms in a query exceeds the number of available columns, causing an integer truncation error that leads to memory corruption. The resulting overwrite can crash the application or, if an attacker can influence the memory layout, lead to arbitrary code execution. The weakness is classified as CWE-197.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a high severity, while the EPSS score of 1% suggests that exploitation is not yet widespread but possible. The vulnerability is not listed in CISA KEV. Attackers could possibly exploit the flaw by submitting crafted SQL statements that trigger the aggregate over\u2011allocation; this is inferred from the description and typical usage of SQLite. Successful exploitation would require ability to run SQL against the vulnerable SQLite instance, which may be local or exposed over a network depending on the application design."}}}}, "created": "2025-07-16T21:35:31.808005+00:00", "updated": "2026-04-20T17:00:12.754901+00:00", "vendors": ["sqlite", "sqlite$PRODUCT$sqlite"]}