CVE-2025-6965
CVE Details
Visit the official vulnerability details page for CVE-2025-6965 to learn more.
Initial Publication
07/17/2025
Last Update
08/05/2025
Third Party Dependency
sqlite-libs
NIST CVE Summary
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
CVE Severity
Our Official Summary
This is a memory corruption vulnerability affecting SQLite versions earlier than 3.50.2, triggered when the number of aggregate terms exceeds the available columns, resulting in potential application crashes, data corruption, or even arbitrary code execution.
The images where this vulnrability is have controls in place are not accessible outside the cluster. So the attacker needs to gain privileged access to the cluster to attempt this exploit. Also the containers do not allow execution of arbitrary code. Impact of this exploit is also low, since container reduces the attack surface.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.7.8 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 07/31/2025 | Status changed from Open to Ongoing |
| 07/31/2025 | Official summary added |
| 07/23/2025 | Advisory assigned with CRITICAL severity |