Integer overflow in SQLite FTS5
CVE-2025-7709
An integer overflow exists in the FTS5 extension (https://sqlite.org/fts5.html). It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then b…
Vulnerability class: Integer Overflow
EPSS: 0.003 (23.9th percentile)
Affected products
- SQLite FTS5 — versions 3.49.1 < 3.50
Frequently asked questions
- What is CVE-2025-7709?
  CVE-2025-7709 is a vulnerability in SQLite FTS5, classified under Integer Overflow or Wraparound. Published 2025-09-08.
- Is CVE-2025-7709 known to be exploited?
  5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.