CVE-2025-6965: Remote Code Execution via Integer Truncation in SQLite Aggregate Parser
Vulnerability ID: CVE-2025-6965
CVSS Score: 7.7
Published: 2025-07-15
An integer truncation vulnerability (CWE-197) exists in SQLite before version 3.50.2 during the processing of aggregate queries with more than 32,767 distinct column references. This causes an internal 32-bit counter to truncate to a signed 16-bit integer, producing negative values that cause out-of-bounds heap operations in release builds.
TL;DR
Integer truncation in SQLite's aggregate query compiler allows remote code execution or denial of service through out-of-bounds heap reads and writes when processing queries with over 32,767 unique columns.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-197
- Attack Vector: Network (AV:N)
- CVSS Score: 7.7 (High)
- EPSS Score: 0.73495 (99.40th percentile)
- Impact: Memory Corruption / Remote Code Execution
- Exploit Status: PoC Available
- KEV Status: Not listed
Affected Systems
- SQLite Database Engine
- Apple iOS
- Apple macOS
- Apple watchOS
- Apple tvOS
- Apple iPadOS
- Apple visionOS
- Siemens Ruggedcom Crossbow
- Siemens SIDIS Prime
Exploit Details
- Google Security Research: Google Security Research Advisory detailing the root cause discovered by Google Big Sleep
Mitigation Strategies
- Upgrade native SQLite binaries to 3.50.2 or newer
- Filter incoming SQL query strings to reject abnormally large or highly complex column expressions
- Enable compiler warnings for implicit truncation inside native compilation pipelines
Remediation Steps:
- Identify all systems executing native SQLite binaries, including packaged wrappers like NuGet SQLitePCLRaw.
- Apply the vendor security updates or replace library components with 3.50.2 compliant versions.
- Verify runtime checks in non-debug release builds to ensure error checking functions handle oversized query limits safely.
References
- SQLite Source Code Trunk Fix Info
- OSS-Security Mailing List Announcement
- Google Security Research Advisory
- GitHub Advisory Database Entry
- Siemens SSA-225816 Advisory (Ruggedcom)
- Siemens SSA-485750 Advisory (SIDIS Prime)
- Apple Security Advisory
Read the full report for CVE-2025-6965 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)