{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70873", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-14T03:35:18.796Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-12T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-12T18:44:30.960Z"}, "descriptions": [{"lang": "en", "value": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://sqlite.org/forum/forumpost/761eac3c82"}, {"url": "https://sqlite.org/src/info/3d459f1fb1bd1b5e"}, {"url": "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-244", "lang": "en", "description": "CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-14T03:33:48.480447Z", "id": "CVE-2025-70873", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-14T03:35:18.796Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-70873", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-14T03:33:48.480447Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-244", "description": "CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-14T03:35:12.316Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://sqlite.org/forum/forumpost/761eac3c82"}, {"url": "https://sqlite.org/src/info/3d459f1fb1bd1b5e"}, {"url": "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054"}], "descriptions": [{"lang": "en", "value": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-12T18:44:30.960Z"}}}, "cveMetadata": {"cveId": "CVE-2025-70873", "state": "PUBLISHED", "dateUpdated": "2026-03-14T03:35:18.796Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-12T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", "matchCriteriaId": "54521FEC-81AF-4A3A-9F7C-005CF0336189", "versionEndExcluding": "3.51.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file."}, {"lang": "es", "value": "Un problema de revelaci\u00f3n de informaci\u00f3n en la funci\u00f3n zipfileInflate de la extensi\u00f3n zipfile en SQLite v3.51.1 y versiones anteriores permite a los atacantes obtener memoria del mont\u00f3n mediante el suministro de un archivo ZIP manipulado."}], "id": "CVE-2025-70873", "lastModified": "2026-04-16T21:15:47.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-12T19:16:15.933", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://sqlite.org/forum/forumpost/761eac3c82"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://sqlite.org/src/info/3d459f1fb1bd1b5e"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-244"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "sqlite: SQLite: Information Disclosure via Crafted ZIP File", "id": "2447086", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447086"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-908", "details": ["A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information."], "name": "CVE-2025-70873", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-sqlite", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "nodejs:22/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "nodejs:24/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "rust-toolset:rhel8/rust", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "nodejs:22/nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "nodejs:24/nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rust", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "sqlite", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rust", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-70873\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-70873\nhttps://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054\nhttps://sqlite.org/forum/forumpost/761eac3c82\nhttps://sqlite.org/src/info/3d459f1fb1bd1b5e"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.51.1]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "sqlite", "vendor": "sqlite"}], "analysis": {"en": {"generated_at": "2026-03-18T15:53:19.283821+00:00", "value": {"mitigation_remediation": ["Upgrade the SQLite library to version v3.51.2 or newer to eliminate the zipfileInflate flaw.", "If an immediate update is not feasible, restrict or avoid processing untrusted ZIP files in applications using the vulnerable library.", "Validate ZIP archives against a trusted whitelist and perform integrity checks before decompression.", "Monitor application logs for anomalous memory access or decompression errors that may indicate exploitation attempts."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "All installations of SQLite 3.51.1 and older are affected, regardless of vendor or product embedding the library. No vendor specific restrictions are listed. The flaw is present in the default distribution of SQLite. Any application that imports or uses the zipfileInflate routine and processes external ZIP archives is at risk.", "description_and_impact": "An information disclosure vulnerability exists in the zipfileInflate function of the SQLite zipfile extension for versions 3.51.1 and earlier. By supplying a specially crafted ZIP file, an attacker can read data from the heap memory during decompression, potentially revealing sensitive information. The weakness is categorized as CWE-244 (Information Exposure through Heap) and CWE-908 (Improper Validation of Source Data).", "risk_and_exploitability": "The base CVSS score of 7.5 indicates a high confidentiality impact. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker must supply a crafted ZIP file to the vulnerable function; thus, the attack requires the target application to accept or process untrusted ZIP archives. No public exploit has been documented, and remediation relies on updating the library or restricting ZIP processing."}}}}, "created": "2026-03-13T09:53:53.127964+00:00", "updated": "2026-03-20T15:36:34.039671+00:00", "vendors": ["sqlite", "sqlite$PRODUCT$sqlite"]}