Integer Overflow Vulnerability in SQLite FTS5 Extension
CVE-2025-7709

6.9MEDIUM

Key Information:

Vendor: Sqlite
Status: Fts5
Vendor: CVE Published:; 8 September 2025

What is CVE-2025-7709?

An integer overflow vulnerability has been identified within the SQLite FTS5 extension. This specific flaw occurs due to the improper handling of the size of an array of tombstone pointers, which gets calculated and truncated into a 32-bit integer. As a result, an attacker may exploit this condition to write out of bounds to a pointer that can be partially controlled, potentially leading to unforeseen consequences in affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FTS5 3.49.1 < 3.50

References

https://github.com/google/security-research/security/advi...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Sep 8, 2025
Vulnerability Reserved
Jul 16, 2025

JSON

Sqlite