CVE-2025-6965: Integer Truncation on SQLite

Overview

Severity

Critical (CVSS 9.8)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Status

Not Exploited

Patch Tuesday

2025-Jul

Released

2025-08-14

Last Updated

2026-05-12

EPSS Score

1.69% (percentile: 82.5%)

FAQ

Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

Affected Products (32)

Windows

• Windows 10 Version 1809 for 32-bit Systems
• Windows 10 Version 1809 for x64-based Systems
• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows 10 Version 21H2 for 32-bit Systems
• Windows 10 Version 21H2 for ARM64-based Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows Server 2025 (Server Core installation)
• Windows 11 Version 23H2 for ARM64-based Systems
• Windows 11 Version 23H2 for x64-based Systems
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows 11 Version 24H2 for ARM64-based Systems
• Windows 11 Version 24H2 for x64-based Systems
• Windows Server 2025
• Windows 10 Version 1607 for 32-bit Systems
• Windows 10 Version 1607 for x64-based Systems
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

ESU

• Windows 10 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for ARM64-based Systems
• Windows 10 Version 22H2 for 32-bit Systems

Other

• 20437
• 20438
• 19582-16823
• 20296-17084
• 19759-17086

Developer Tools

• Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
• Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
• Microsoft Visual Studio 2022 version 17.12
• Microsoft Visual Studio 2022 version 17.14

Security Updates (12)

• 5073723
• 5073457
• 5073724
• 5073379
• 5074109
• 5073455
• 5073450
• 5073722
• Release Notes
• Release Notes
• Release Notes
• Release Notes

Acknowledgments

Anonymous

Revision History

• 2025-08-14: Information published.
• 2026-03-05: Added Window software to the Security Updates table. Customers that are running supported version of Widnows are encouraged to update to the indicated version to be protected from this vulnerability.
• 2026-02-18: Information published.
• 2026-04-14: Added Window software to the Security Updates table. Customers that are running supported version of Widnows are encouraged to update to the indicated version to be protected from this vulnerability.
• 2026-05-12: Added Visual Studio software to the Security Updates table. Customers that are running supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.