Integer overflow in Sqlite Fts5

CVE-2025-7709

An integer overflow exists in the FTS5 extension (https://sqlite.org/fts5.html). It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then b…

Vulnerability class: Integer Overflow

EPSS: 0.003 (23.9th percentile).

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-7709?
CVE-2025-7709 is a vulnerability in Sqlite Fts5, classified under Integer Overflow or Wraparound. Published 2025-09-08.
Is CVE-2025-7709 known to be exploited?
5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.