VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-macf-2xgx-6yfv

Essentials
Severities (32)
References (29)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-macf-2xgx-6yfv
Aliases	CVE-2025-6965
Summary	There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-197

Numeric Truncation Error

System	Score	Found at
cvssv3	7.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6965.json
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2025-6965
cvssv3.1	7.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2025-6965
cvssv4	7.2	https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
ssvc	Track	https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6965.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-6965
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1109379		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109379
2380149		https://bugzilla.redhat.com/show_bug.cgi?id=2380149
5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8		https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
cpe:2.3:a:sqlite:sqlite::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sqlite:sqlite::::::::
CVE-2025-6965		https://nvd.nist.gov/vuln/detail/CVE-2025-6965
RHSA-2025:11802		https://access.redhat.com/errata/RHSA-2025:11802
RHSA-2025:11803		https://access.redhat.com/errata/RHSA-2025:11803
RHSA-2025:11933		https://access.redhat.com/errata/RHSA-2025:11933
RHSA-2025:11992		https://access.redhat.com/errata/RHSA-2025:11992
RHSA-2025:12010		https://access.redhat.com/errata/RHSA-2025:12010
RHSA-2025:12036		https://access.redhat.com/errata/RHSA-2025:12036
RHSA-2025:12349		https://access.redhat.com/errata/RHSA-2025:12349
RHSA-2025:12521		https://access.redhat.com/errata/RHSA-2025:12521
RHSA-2025:12522		https://access.redhat.com/errata/RHSA-2025:12522
RHSA-2025:12749		https://access.redhat.com/errata/RHSA-2025:12749
RHSA-2025:12901		https://access.redhat.com/errata/RHSA-2025:12901
RHSA-2025:12904		https://access.redhat.com/errata/RHSA-2025:12904
RHSA-2025:12905		https://access.redhat.com/errata/RHSA-2025:12905
RHSA-2025:13267		https://access.redhat.com/errata/RHSA-2025:13267
RHSA-2025:13335		https://access.redhat.com/errata/RHSA-2025:13335
RHSA-2025:14101		https://access.redhat.com/errata/RHSA-2025:14101
RHSA-2025:15827		https://access.redhat.com/errata/RHSA-2025:15827
RHSA-2025:15828		https://access.redhat.com/errata/RHSA-2025:15828
USN-7676-1		https://usn.ubuntu.com/7676-1/
USN-7679-1		https://usn.ubuntu.com/7679-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6965.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-6965

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green Found at https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-15T13:55:28Z/ Found at https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8

Exploit Prediction Scoring System (EPSS)

Percentile	0.07436
EPSS Score	0.00031
Published At	Sept. 16, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:36:53.545517+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.22/main.json	37.0.0