CVE-2025-7709

Vulnerability Description

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

Related Weaknesses (CWE)

CWE-190

References

https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-h
http://www.openwall.com/lists/oss-security/2025/09/06/2
http://www.openwall.com/lists/oss-security/2025/11/18/10

FAQ

What is CVE-2025-7709?

CVE-2025-7709 is a documented vulnerability. An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer ...

How severe is CVE-2025-7709?

CVSS scoring is not yet available for CVE-2025-7709. Check NVD for updates.

Is there a patch for CVE-2025-7709?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.