CVE-2025-7458

SQLite integer overflow in key info allocation may lead to information disclosure.

Description

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Remediation

Solution:

  • Upgrade to SQLite version 3.41.2 or newer.
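An added example, not part of this advisory: a small Python check that parses SQLite version strings and reports whether a version falls in the affected range stated above (3.39.2 through 3.41.1, fixed in 3.41.2), and applies it to the SQLite library linked into the running interpreter's `sqlite3` module. The range constants are taken from this page; the function names are this example's own.

```python
import sqlite3

# Affected range and fix version as stated in the advisory (inclusive bounds).
AFFECTED_FIRST = (3, 39, 2)
AFFECTED_LAST = (3, 41, 1)
FIXED = (3, 41, 2)


def parse_version(version: str) -> tuple:
    """Turn an SQLite version string ('3.41.2', or older 4-part forms
    such as '3.8.10.2') into a comparable (major, minor, patch) tuple."""
    parts = version.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised SQLite version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    # Pad short strings with zeros and keep only the first three components.
    return (nums + (0, 0))[:3]


def is_affected(version: str) -> bool:
    """True if the given SQLite version is inside the affected range."""
    v = parse_version(version)
    return AFFECTED_FIRST <= v <= AFFECTED_LAST


def check_embedded_sqlite() -> dict:
    """Report on the SQLite library compiled into this Python's sqlite3 module.
    Note this covers only the interpreter's own copy; applications that bundle
    or statically link their own SQLite must be checked separately."""
    ver = sqlite3.sqlite_version
    return {
        "version": ver,
        "affected": is_affected(ver),
        "fixed_in": ".".join(str(n) for n in FIXED),
    }


if __name__ == "__main__":
    report = check_embedded_sqlite()
    status = "AFFECTED" if report["affected"] else "not affected"
    print(f"SQLite {report['version']}: {status} (fix: {report['fixed_in']})")
```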

Category

CVSS base score: 6.9 (Severity: Medium)
EPSS: 0.01%
Affected: SQLite (vendor: SQLite)

References

Frequently Asked Questions

What is the severity of CVE-2025-7458?
CVE-2025-7458 has been scored as a medium severity vulnerability.
How to fix CVE-2025-7458?
To fix CVE-2025-7458: Upgrade to SQLite version 3.41.2 or newer.
Is CVE-2025-7458 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2025-7458 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-7458?
CVE-2025-7458 affects SQLite (vendor: SQLite).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.