Integer Overflow Vulnerability in SQLite FTS5 Extension
CVE-2025-7709

6.9MEDIUM

Key Information:

Vendor: Sqlite
Status: Fts5
Vendor: CVE Published:; 8 September 2025

What is CVE-2025-7709?

An integer overflow vulnerability has been identified within the SQLite FTS5 extension. This specific flaw occurs due to the improper handling of the size of an array of tombstone pointers, which gets calculated and truncated into a 32-bit integer. As a result, an attacker may exploit this condition to write out of bounds to a pointer that can be partially controlled, potentially leading to unforeseen consequences in affected systems.

Affected Version(s)

FTS5 3.49.1 < 3.50

References

https://github.com/google/security-research/security/advi...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2025
Vulnerability Reserved
Jul 16, 2025

Sqlite

What is CVE-2025-7709?

Affected Version(s)

References

CVSS V4

Timeline