CVE-2025-6965

Integer Truncation on SQLite

Basic Information

CVE State: PUBLISHED
Reserved Date: July 01, 2025
Published Date: July 15, 2025
Last Updated: July 15, 2025
Vendor: SQLite
Product: SQLite
Description: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

CVSS Scores

CVSS v4.0

7.2 - HIGH

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green

EPSS Score

Score: 0.05% (Percentile: 14.35%) as of 2025-07-29

SSVC Information

Exploitation: none
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-07-16 08:00:31 UTC)

Known Exploited Vulnerability Information

Source: TheHackerNews
Added Date: 2025-07-16 08:00:25 UTC

Recent Mentions

Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an

Google says ‘Big Sleep’ AI tool found bug hackers planned to use

Source: The Record • Published: 2025-07-15 18:24:28 UTC

On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.”

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel