CVE-2025-7458 · CRITICAL 9.1 · EPSS p12.4%

Description

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.22% probability of exploitation · percentile 12.4% · 2026-06-18T12:00:27Z
Published: 2025-07-29
Last modified: 2025-08-11

Underlying weaknesses · 1

CWE-190

References

  1. https://sqlite.org/forum/forumpost/16ce2bb7a639e29b
  2. https://sqlite.org/src/info/12ad822d9b827777

Type | Target | Confidence | Tier
Weakness | Integer Overflow or Wraparound cwe-190 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-11824
  2. CVE: CVE-2025-3277
  3. CVE: CVE-2025-6965
  4. CVE: CVE-2026-11822
  5. CVE: Android Framework Integer Overflow Vulnerability
  6. CVE: CVE-2025-50983

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.