CVE-2025-6965

EUVD-2025-21441
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Provider  Type     Base Score    Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  9.8 CRITICAL  NETWORK      LOW              NONE            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Percentile: 21%
Affected Products (NVD)
Vendor  Product  Version
sqlite  sqlite   𝑥 < 3.50.2
𝑥 = Vulnerable software versions
Windows Releases
Platform             Version
Windows 10           1607 (x64, x86)
Windows 10           1809 (x64, x86)
Windows 10           21H2 (arm64, x64, x86)
Windows 10           22H2 (arm64, x64, x86)
Windows 11           23H2 (arm64, x64)
Windows 11           24H2 (arm64, x64)
Windows 11           25H2 (arm64, x64)
Windows Server 2016  Server Core
Windows Server 2016  Standard
Windows Server 2019  Server Core
Windows Server 2019  Standard
Windows Server 2022  23H2 Server Core
Windows Server 2022  Server Core
Windows Server 2022  Standard
Windows Server 2025  Server Core
Windows Server 2025  Standard
Debian Releases
Debian Product  Codename             Version           Status
sqlite3         bookworm             3.40.1-2+deb12u2  fixed
sqlite3         bullseye             -                 postponed
sqlite3         bullseye (security)  -                 vulnerable
sqlite3         forky                3.46.1-9          fixed
sqlite3         sid                  3.46.1-9          fixed
sqlite3         trixie               3.46.1-7          fixed
Ubuntu Releases
Ubuntu Product  Codename  Version                       Status
sqlite3         bionic    Fixed 3.22.0-1ubuntu0.7+esm2  released
sqlite3         focal     Fixed 3.31.1-4ubuntu0.7+esm1  released
sqlite3         jammy     Fixed 3.37.2-2ubuntu0.5       released
sqlite3         noble     Fixed 3.45.1-1ubuntu2.4       released
sqlite3         plucky    Fixed 3.46.1-3ubuntu0.2       released
sqlite3         questing  Fixed 3.46.1-6ubuntu1         released
sqlite3         trusty    Fixed 3.8.2-1ubuntu2.2+esm5   released
sqlite3         xenial    Fixed 3.11.0-1ubuntu1.5+esm3  released
sqlite          bionic    -                             needs-triage
sqlite          focal     -                             needs-triage
sqlite          jammy     -                             needs-triage
sqlite          noble     -                             dne
sqlite          plucky    -                             dne
sqlite          questing  -                             dne
sqlite          trusty    -                             needs-triage
sqlite          xenial    -                             needs-triage