vulnerability

FreeBSD: VID-f51077bd-6dd7-11f0-9d62-b42e991fc52e (CVE-2025-7458): SQLite -- integer overflow in key info allocation

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:C)

Published

Jul 31, 2025

Added

Aug 1, 2025

Modified

Jun 15, 2026

Description

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause.

Solution

freebsd-upgrade-package-sqlite3

References

CVE-2025-7458
https://attackerkb.com/topics/CVE-2025-7458
CWE-190
EUVD-EUVD-2025-23000
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-23000

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report