Critical severity9.8NVD Advisory· Published Jul 15, 2025· Updated Apr 14, 2026

CVE-2025-6965

Description

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Affected products

SQLite/SQLite
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*
Range: <3.50.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8nvdPatch
seclists.org/fulldisclosure/2025/Sep/49nvd
seclists.org/fulldisclosure/2025/Sep/53nvd
seclists.org/fulldisclosure/2025/Sep/56nvd
seclists.org/fulldisclosure/2025/Sep/57nvd
seclists.org/fulldisclosure/2025/Sep/58nvd
www.openwall.com/lists/oss-security/2025/09/06/1nvd
cert-portal.siemens.com/productcert/html/ssa-225816.htmlnvd
cert-portal.siemens.com/productcert/html/ssa-485750.htmlnvd

News mentions

Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)
CISA Alerts

cvss	0.637
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000