CVE-2025-70873: SQL Injection
Published Mar 12, 2026
·Updated
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
Affected Software
4 affected componentsFixes available
SQLite SQLite<3.51.1
Microsoft azl3 sqlite 3.44.0-2
SQLite SQLite<3.51.1
Microsoft cbl2 sqlite 3.39.2-4
Remediation
Patch Available
Event History
Mar 12, 2026
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·07:16 PM
RemedyDescriptionSeverityWeaknessAffected Software
Apr 18, 2026
Data Sourced
via Microsoft·08:02 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·08:02 AM
Severity
Updated
via Microsoft·08:02 AM
Affected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-70873?
CVE-2025-70873 has been classified as a moderate severity vulnerability due to its potential for information disclosure.
2
How do I fix CVE-2025-70873?
To fix CVE-2025-70873, upgrade SQLite to version 3.51.2 or later.
3
What versions of SQLite are affected by CVE-2025-70873?
CVE-2025-70873 affects SQLite versions 3.51.1 and earlier.
4
What type of vulnerability is CVE-2025-70873?
CVE-2025-70873 is an information disclosure vulnerability.
5
What can attackers achieve by exploiting CVE-2025-70873?
By exploiting CVE-2025-70873, attackers can potentially obtain sensitive heap memory data by supplying a crafted ZIP file.