Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-6965Numeric Truncation Error in Sqlite

CWE-197Numeric Truncation ErrorCWE-522Insufficiently Protected Credentials25 documents13 sources
Severity
7.2HIGHNVD
OSV5.5
EPSS
1.2%
top 21.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SqliteGhost Sqlite3
Timeline
PublishedJul 15
Latest updateApr 8

Description

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N

Affected Packages4 packages

CVEListV5sqlite/sqlite< 3.50.2
NVDsqlite/sqlite< 3.50.2
Debianghost/sqlite3< 3.40.1-2+deb12u2+2
Ubuntughost/sqlite3< 3.8.2-1ubuntu2.2+esm5+3

Patches

Patch: www.sqlite.org

🔴Vulnerability Details

5
OSV
sqlite3 vulnerabilities2025-07-29
GHSA
GHSA-2m69-gcr7-jv3q: There exists a vulnerability in SQLite versions before 32025-07-15
OSV
CVE-2025-6965: There exists a vulnerability in SQLite versions before 32025-07-15
CVEList
Integer Truncation on SQLite2025-07-15
GHSA
Requests vulnerable to .netrc credentials leak via malicious URLs2025-06-09

💥Exploits & PoCs

1
Exploit-DB
SQLite 3.50.1 - Heap Overflow2026-04-08

📋Vendor Advisories

17
Oracle
Oracle Oracle MySQL Risk Matrix: Server: Docker Images (SQLite) — CVE-2025-69652026-01-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Installation (SQLite) — CVE-2025-69652025-10-15
Apple
CVE-2025-6965: watchOS 262025-09-15
Apple
CVE-2025-6965: visionOS 262025-09-15
Apple
CVE-2025-6965: macOS Tahoe 262025-09-15
CVE-2025-6965 — Numeric Truncation Error in Sqlite | cvebase