CVE-2025-6965: Integer Truncation on SQLite
Published Jul 15, 2025
·Updated
Accessibility. A logic issue was addressed with improved checks.
Other sources
Accessibility. The issue was addressed by adding additional logic.
— Apple
Admin Framework. A logic issue was addressed with improved checks.
— Apple
Admin Framework. A path handling issue was addressed with improved validation.
— Apple
afclip. The issue was addressed with improved memory handling.
— Apple
AirPort. A permissions issue was addressed with additional restrictions.
— Apple
Credit
Google's Threat Analysis Group, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Chi Yuan Chang(ZUSO ART), taikosoup, Gary Kwong(Trend Micro Zero Day Initiative), CVE-2025-43226, Christian Kohlschütter, Sergei Glazunov(Google Project Zero), Ivan Fratric(Google Project Zero), Vlad Stolyarov(Google's Threat Analysis Group), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), CVE-2025-6965, Gilad Moav, Yehuda Afek, Anat Bremler-Barr, Amit Klein, Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, shandikri(Trend Micro Zero Day Initiative), Google V8 Security Team, Nan Wang@@eternalsakura13, Ziling Chen, HexRabbit@@h3xr4bb1t(DEVCORE Research Team), Ignacio Sanmillan@@ulexec, Clément Lecigne(Google's Threat Analysis Group), Andreas Jaegersberger & Ro Achterberg(Nosebeard Labs), Wong Wee Xiang, Himanshu Bharti@@Xpl0itme, Brian Carpenter, Jaydev Ahire, ABC Research s.r.o., Mickey Jin@@patch1t, Noah Gregory (wts.dev), MRHAX, Aditya Rana, Seo Hyun-gyu@@wh1te4ever(Xiaomi), Dora Orak(Xiaomi), Minghao Lin@@Y1nKoc(Xiaomi), XiLong Zhang@@Resery4(Xiaomi), noir@@ROIS, fmyy (@风沐云烟), 风沐云烟@@binary_fmyy, Minghao Lin@@Y1nKoc, Gergely Kalman@@gergely_kalman, an anonymous researcher, 2ourc3 | Salim Largo, Dawuge(Shuffle Team), Anonymous(Trend Micro Zero Day Initiative), Willey Lin, Arsenii Kostromin (0x3c3e), Pyrophoria, Dora Orak, Csaba Fitzl@@theevilbit(Kandji), Kirin@@Pwnrin, Minghao Lin, Jiaxun Zhu, Zhongquan Li@@Guluisacat, Koh M. Nakagawa@@tsunek0h(Kandji), an anonymous researcher(Loadshine Lab), Hikerell(Loadshine Lab), @@zlluny, Wojciech Regula(SecuRing), Yuebin Sun@@yuebinsun2020, Shang-De Jiang(CyCraft Technology), Kazma Ye(CyCraft Technology), Nikolai Skliarenko(Trend Micro Zero Day Initiative), Keith Yeo@@kyeojy(Team Orca of Sea Security), Martin Bajanik(Fingerprint), Ammar Askar, Syarif Muhammad Sajjad, Martti Hütt, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Ryan Dowd@@_rdowd, Joseph Ravichandran@@0xjprx(MIT CSAIL), Dave G. (supernetworks.org), JZ, Zhongcheng Li(IES Red Team of ByteDance), Michael Reeves@@IntegralPilot, Morris Richman@@morrisinlife, Hikerell (Loadshine Lab), 이동하 (Lee Dong Ha(BoB 14th), wac(Trend Micro Zero Day Initiative), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), pattern-f@@pattern_F_, Ferdous Saljooki@@malwarezoo(Jamf), Murray Mike, 이동하 (Lee Dong Ha)(SSA Lab), Cristian Dinca (icmd.tech), Apple, Dave G.(supernetworks), Alex Radocea(supernetworks), Taavi Eomäe(Zone Media), Atul R V, Asaf Cohen, CVE-2024-43398, CVE-2024-49761, CVE-2025-6442, Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir, Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Wang Yu(Cyberserval), Nikita Sakalouski, Rosyna Keller(Totally Not Malicious Software), Guilherme Rambo(Best Buddy Apps), Yinyi Wu@@_3ndy1(Dawn Security Lab of JD), @@zlluny(Trend Micro Zero Day Initiative), Keisuke Hosoda, Viktor Oreshkin, Philipp Baldauf, Lyutoon@@Lyutoon_, YingQi Shi@@Mas0n, Tom Brzezinski, Abhay Kailasia@@abhay_kailasia(C), KPC(Cisco Talos), Evan Waelde, 정답이 아닌 해답, Richard Hyunho Im@@richeeta, Jiwon Park, Seo Hyun-gyu@@wh1te4ever, Luke Roberts@@rookuu, Big Bear, Mike Cardwell(grepular), Bob Lord, Pawel Wylecial(REDTEAM), Nolan Astrein(Kandji), Mickey Jin@@patch1t(Cisco Talos), Kirin@@Pwnrin(Cisco Talos), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Bilal Siddiqui, Matej Moravec@@MacejkoMoravec, Shantanu Thakur, Jian Lee@@speedyfriend433, Yiğit Can YILMAZ@@yilmazcanyigit, Ye Zhang@@VAR10CK(Baidu Security), Nathaniel Oh@@calysteon, Rodolphe Brunetti@@eisw0lf(Lupus Nova), LFY@@secsys(Fudan University), CVE-2025-40909, CVE-2024-27280, @@RenwaX23, Ye Zhang(Baidu Security), Kirin@@Pwnrin(Computer Science), Cristian Dinca(Computer Science), Romania, Justin Elliot Fu, Pyrophoria(GrapheneOS), an anonymous researcher(GrapheneOS), James J Kalafus, Michel Migdal, ken super
Affected Software
46 affected componentsFixes available
SQLite SQLite<3.50.2
Apple tvOS<18.6
18.6
Apple iOS<18.6
18.6
Apple iPadOS<18.6
18.6
Apple WatchOS<11.6
11.6
Apple visionOS<2.6
2.6
Apple macOS Sequoia<15.6
15.6
Microsoft cbl2 sqlite 3.39.2-4
Microsoft cbl2 sqlite 3.39.2-3
Microsoft azl3 sqlite 3.44.0-2
Microsoft Windows 10=1607
Microsoft Windows 10=1607
Microsoft Windows Server 2016
Microsoft Windows 11=24H2
Microsoft Windows 11=24H2
Microsoft Windows Server 2025
Microsoft Windows Server 2025
Microsoft Windows 11=23H2
Microsoft Windows 11=23H2
Microsoft Windows 11=25H2
Microsoft Windows 10=22H2
Microsoft Windows 10=22H2
Microsoft Windows 10=22H2
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 10=1809
Microsoft Windows Server 2019
Microsoft Windows Server 2022, 23H2 Edition
Microsoft Windows 10=1809
SQLite SQLite<3.50.2
Microsoft Windows 11 for ARM systems=25H2
Microsoft Windows 10=21H2
Microsoft Windows 10=21H2
Microsoft Windows 10=21H2
Microsoft Visual Studio 2017 (includes 15.0 - 15.8)=15.9
Microsoft Visual Studio 2022=17.14
Microsoft Visual Studio 2019 (includes 16.0 - 16.10)=16.11
Apple macOS Sonoma<14.8.2
14.8.2
Apple iOS<26
26
Apple iPadOS<26
26
Apple macOS Tahoe<26
26
Apple tvOS<26
26
Apple WatchOS<26
26
Apple visionOS<26
26
Microsoft Visual Studio 2022=17.12
Remediation
Event History
Jul 15, 2025
CVE Published
via MITRE·01:44 PM
Data Sourced
via MITRE·01:44 PM
DescriptionWeakness
Data Sourced
via Red Hat·02:02 PM
DescriptionSeverityAffected Software
Data Sourced
via NVD·02:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Jul 29, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Aug 14, 2025
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
SeverityAffected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity
Sep 15, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Nov 3, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Apr 8, 2026
Exploit Published
via ExploitDB·12:00 AM
Known Exploited
04:30 PM
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2025-43186
- CVE-2025-43223
- CVE-2025-43277
- CVE-2025-43210
- CVE-2025-43230
- CVE-2025-43209
- CVE-2025-43226
- CVE-2025-43282
- CVE-2025-7425
- CVE-2025-7424
- CVE-2025-43234
- CVE-2025-43224
- CVE-2025-43221
- CVE-2025-31281
- CVE-2025-6965
- CVE-2025-43227
- CVE-2025-31278
- CVE-2025-31277
- CVE-2025-31273
- CVE-2025-43214
- CVE-2025-43213
- CVE-2025-43212
- CVE-2025-43211
- CVE-2025-43265
- CVE-2025-43216
- CVE-2025-6558
- CVE-2025-31229
- CVE-2025-43217
- CVE-2025-43202
- CVE-2025-31276
- CVE-2025-43280
- CVE-2025-43228
- CVE-2025-43191
- CVE-2025-43244
- CVE-2025-31243
- CVE-2025-43253
- CVE-2025-43249
- CVE-2025-43248
- CVE-2025-43245
- CVE-2025-43281
- CVE-2025-43257
- CVE-2025-43222
- CVE-2025-43220
- CVE-2025-43273
- CVE-2025-43195
- CVE-2025-43199
- CVE-2025-43313
- CVE-2025-43267
- CVE-2025-43187
- CVE-2025-43188
- CVE-2025-43198
- CVE-2025-43254
- CVE-2025-43261
- CVE-2025-31279
- CVE-2025-43255
- CVE-2025-43284
- CVE-2025-43276
- CVE-2025-43268
- CVE-2025-43196
- CVE-2025-43192
- CVE-2025-31275
- CVE-2025-43264
- CVE-2025-43219
- CVE-2025-31280
- CVE-2025-43218
- CVE-2025-43215
- CVE-2025-43275
- CVE-2025-43225
- CVE-2025-43270
- CVE-2025-43266
- CVE-2025-43260
- CVE-2025-43247
- CVE-2025-43194
- CVE-2025-43232
- CVE-2025-43236
- CVE-2025-43235
- CVE-2025-43274
- CVE-2025-24188
- CVE-2025-43241
- CVE-2025-43233
- CVE-2025-43193
- CVE-2025-43250
- CVE-2025-43197
- CVE-2025-43239
- CVE-2025-43243
- CVE-2025-43246
- CVE-2025-43256
- CVE-2025-43206
- CVE-2025-43251
- CVE-2025-43185
- CVE-2025-43189
- CVE-2025-43237
- CVE-2025-43229
- CVE-2025-43240
- CVE-2025-43259
- CVE-2025-43238
- CVE-2025-43252
- CVE-2025-43322
- CVE-2025-43468
- CVE-2025-43379
- CVE-2025-43469
- CVE-2025-43478
- CVE-2025-43407
- CVE-2025-43446
- CVE-2025-43361
- CVE-2025-43472
- CVE-2025-43394
- CVE-2025-43448
- CVE-2025-43395
- CVE-2025-43401
- CVE-2025-43479
- CVE-2025-43382
- CVE-2025-43445
- CVE-2025-43420
- CVE-2025-43498
- CVE-2025-43348
- CVE-2025-43474
- CVE-2025-43372
- CVE-2025-43338
- CVE-2025-43396
- CVE-2025-43398
- CVE-2025-43510
- CVE-2025-43520
- CVE-2025-43413
- CVE-2025-43494
- CVE-2025-43389
- CVE-2025-43410
- CVE-2025-43411
- CVE-2025-43405
- CVE-2025-43391
- CVE-2024-43398
- CVE-2024-49761
- CVE-2025-6442
- CVE-2025-43335
- CVE-2025-43408
- CVE-2025-43476
- CVE-2025-30465
- CVE-2025-43414
- CVE-2025-43499
- CVE-2025-43380
- CVE-2025-43477
- CVE-2025-43336
- CVE-2025-43397
- CVE-2025-31199
- CVE-2025-43334
- CVE-2025-43412
- CVE-2025-43373
- CVE-2025-43344
- CVE-2025-43317
- CVE-2025-43346
- CVE-2025-43360
- CVE-2025-43354
- CVE-2025-43303
- CVE-2025-43357
- CVE-2025-43323
- CVE-2025-43349
- CVE-2025-43302
- CVE-2025-31255
- CVE-2025-43359
- CVE-2025-43345
- CVE-2025-43362
- CVE-2025-43365
- CVE-2025-43355
- CVE-2025-43203
- CVE-2025-43309
- CVE-2025-46306
- CVE-2025-31254
- CVE-2025-43329
- CVE-2025-43358
- CVE-2025-30468
- CVE-2025-43190
- CVE-2025-43347
- CVE-2025-43356
- CVE-2025-43272
- CVE-2025-43343
- CVE-2025-43342
- CVE-2025-43419
- CVE-2025-43376
- CVE-2025-43368
- CVE-2025-43288
- CVE-2025-43208
- CVE-2025-43312
- CVE-2025-43321
- CVE-2025-31268
- CVE-2025-43331
- CVE-2025-43340
- CVE-2025-43337
- CVE-2025-43320
- CVE-2025-43285
- CVE-2025-43330
- CVE-2025-43451
- CVE-2025-43307
- CVE-2025-43403
- CVE-2025-43292
- CVE-2025-24088
- CVE-2025-43305
- CVE-2025-43290
- CVE-2025-43289
- CVE-2025-46284
- CVE-2025-43316
- CVE-2025-31271
- CVE-2025-31270
- CVE-2025-43326
- CVE-2025-43283
- CVE-2025-46280
- CVE-2025-43325
- CVE-2025-43287
- CVE-2025-43366
- CVE-2025-43299
- CVE-2025-43295
- CVE-2025-43353
- CVE-2025-43294
- CVE-2025-43319
- CVE-2025-43315
- CVE-2025-43207
- CVE-2025-43279
- CVE-2025-43301
- CVE-2025-43298
- CVE-2025-46310
- CVE-2025-40909
- CVE-2025-43297
- CVE-2025-31269
- CVE-2025-43204
- CVE-2024-27280
- CVE-2025-43327
- CVE-2025-43328
- CVE-2025-43318
- CVE-2025-46307
- CVE-2025-31259
- CVE-2025-43332
- CVE-2025-43293
- CVE-2025-43291
- CVE-2025-43286
- CVE-2025-43369
- CVE-2025-43367
- CVE-2025-43333
- CVE-2025-24197
- CVE-2025-43341
- CVE-2025-43314
- CVE-2025-43304
- CVE-2025-43306
- CVE-2025-43296
- CVE-2025-43311
- CVE-2025-43308
- CVE-2025-43262
- CVE-2025-43310
Frequently Asked Questions
1
What is the severity of CVE-2025-6965?
CVE-2025-6965 has a medium severity rating due to potential memory corruption risks.
2
How do I fix CVE-2025-6965?
To fix CVE-2025-6965, upgrade SQLite to version 3.50.2 or higher.
3
What are the affected versions for CVE-2025-6965?
CVE-2025-6965 affects SQLite versions prior to 3.50.2.
4
What type of vulnerability is CVE-2025-6965?
CVE-2025-6965 is a vulnerability related to memory corruption due to aggregate term overflow.
5
Who is impacted by CVE-2025-6965?
Any users or applications utilizing SQLite versions before 3.50.2 are impacted by CVE-2025-6965.