High severity7.5NVD Advisory· Published Mar 12, 2026· Updated Apr 16, 2026
CVE-2025-70873
CVE-2025-70873
Description
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- sqlite.org/src/info/3d459f1fb1bd1b5envdIssue TrackingPatch
- gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054nvdExploitThird Party Advisory
- sqlite.org/forum/forumpost/761eac3c82nvdIssue Tracking
News mentions
13- Browser Run: now running on Cloudflare Containers, it’s faster and more scalableCloudflare Blog · May 13, 2026
- Cookie thieves caught stealing dev secrets via fake Claude Code installersThe Register Security · May 11, 2026
- CloudZ RAT potentially steals OTP messages using Pheno pluginCisco Talos Intelligence · May 5, 2026
- TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)SANS Internet Storm Center · May 4, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 18SentinelOne Labs · May 1, 2026
- Introducing Dynamic Workflows: durable execution that follows the tenantCloudflare Blog · May 1, 2026
- The never-ending supply chain attacks worm into SAP npm packages, other dev toolsThe Register Security · Apr 30, 2026
- Building the agentic cloud: everything we launched during Agents Week 2026Cloudflare Blog · Apr 20, 2026
- Redirects for AI Training enforces canonical contentCloudflare Blog · Apr 17, 2026
- Agents that remember: introducing Agent MemoryCloudflare Blog · Apr 17, 2026
- Introducing Flagship: feature flags built for the age of AICloudflare Blog · Apr 17, 2026
- Artifacts: versioned storage that speaks GitCloudflare Blog · Apr 16, 2026
- Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)CISA Alerts