Memory Corruption Vulnerability in SQLite by SQLite Consortium
CVE-2025-6965

7.2 HIGH

Key Information:

Vendor: SQLite
Status: Vendor
CVE Published: 15 July 2025

Badges

📈 Trended | 📈 Score: 6,930 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-6965?

CVE-2025-6965 is a memory corruption vulnerability in SQLite, a widely used open-source database engine known for its simplicity and lightweight architecture. It affects SQLite versions prior to 3.50.2 and arises when the number of aggregate terms in a query exceeds the number of columns available. Exploiting the flaw can disrupt application stability and potentially allow unauthorized actions within the system. Organizations that rely on SQLite for data storage and management may face significant operational risks if the vulnerability is not addressed, as it can lead to unpredictable behavior, crashes, and security breaches.

Potential impact of CVE-2025-6965

  1. System Instability: The memory corruption caused by exceeding aggregate terms can lead to application crashes or erratic behavior, significantly affecting service availability and end-user experience.

  2. Data Integrity Risks: Exploitation of this vulnerability may result in unintentional data corruption or loss, compromising the integrity of stored information and undermining trust in database operations.

  3. Security Breach Potential: Given the nature of memory corruption vulnerabilities, there is a risk that attackers could execute arbitrary code or gain elevated privileges, which may lead to unauthorized access and potential data theft or further exploitation.

Affected Version(s)

SQLite: 0 < 3.50.2 (all versions before 3.50.2)

News Articles

Cybersecurity Breakthrough: Google’s Big Sleep AI Agent detects critical SQLite vulnerability

AI Threat Defense: Google’s Big Sleep AI foils cyberattack by detecting SQLite flaw CVE-2025-6965 before exploitation.

3 weeks ago

Google says ‘Big Sleep’ AI tool found bug hackers planned to use

On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.”

3 weeks ago

Google's AI Tool Big Sleep Uncovered Critical SQLite 0-Day Vulnerability and Blocks Active Exploitation

Google's revolutionary AI-powered security tool Big Sleep has achieved a groundbreaking milestone by discovering and preventing the exploitation.

4 weeks ago

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vlad Stolyarov of Google's Threat Analysis Group, with assistance from Google Big Sleep.