CVE-2025-70873

sqlite: SQLite: Information Disclosure via Crafted ZIP File

Description

An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.

INFO

Published Date :

2026-03-12T00:00:00.000Z

Last Modified :

2026-03-14T03:35:18.796Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-70873 vulnerability.

Vendors	Products
Sqlite	Sqlite

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-70873.

URL	Resource
https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054
https://nvd.nist.gov/vuln/detail/CVE-2025-70873
https://sqlite.org/forum/forumpost/761eac3c82
https://sqlite.org/src/info/3d459f1fb1bd1b5e
https://www.cve.org/CVERecord?id=CVE-2025-70873

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact