CVE-2025-6965 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Google	CNA	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

sqlite3

bullseye	vulnerable
bookworm	no-dsa
bullseye (security)	vulnerable
trixie	vulnerable
sid	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

sqlite

plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

sqlite3

plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

Common Weakness Enumeration

CWE-197 - Numeric Truncation Error
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

Vulnerability Media Exposure

[ENGLISH] Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an
Published: 2025-07-16T13:14:00+05:30

References

https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8