Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-71316

Summary
Assigner-cisa-cg
Assigner Org ID-9119a7d8-5eab-497f-8521-727c672e3725
Published At-04 Jun, 2026 | 17:39
Updated At-10 Jun, 2026 | 10:34
Rejected At-
Credits

SQLite sqldiff remote code execution via argument injection

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisa-cg
Assigner Org ID:9119a7d8-5eab-497f-8521-727c672e3725
Published At:04 Jun, 2026 | 17:39
Updated At:10 Jun, 2026 | 10:34
Rejected At:
▼CVE Numbering Authority (CNA)
SQLite sqldiff remote code execution via argument injection

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.

Affected Products
Vendor
SQLite
Product
sqldiff
Default Status
unknown
Versions
Affected
  • From 0 before 2025-12-26 (custom)
Unaffected
  • 2025-12-26
Problem Types
TypeCWE IDDescription
CWECWE-176CWE-176 Improper Handling of Unicode Encoding
Type: CWE
CWE ID: CWE-176
Description: CWE-176 Improper Handling of Unicode Encoding
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Vincent55
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sqlite.org/src/file/tool/winmain.c
patch
https://learn.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-getcommandlinea#security-remarks
mitigation
https://i.blackhat.com/EU-24/Presentations/EU-24-Tsai-V2-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf
exploit
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-155-01.json
third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2025-71316
vdb-entry
Hyperlink: https://sqlite.org/src/file/tool/winmain.c
Resource:
patch
Hyperlink: https://learn.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-getcommandlinea#security-remarks
Resource:
mitigation
Hyperlink: https://i.blackhat.com/EU-24/Presentations/EU-24-Tsai-V2-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf
Resource:
exploit
Hyperlink: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-155-01.json
Resource:
third-party-advisory
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-71316
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:9119a7d8-5eab-497f-8521-727c672e3725
Published At:04 Jun, 2026 | 19:16
Updated At:04 Jun, 2026 | 20:16

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-176Secondary9119a7d8-5eab-497f-8521-727c672e3725
CWE ID: CWE-176
Type: Secondary
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://i.blackhat.com/EU-24/Presentations/EU-24-Tsai-V2-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf9119a7d8-5eab-497f-8521-727c672e3725
N/A
https://learn.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-getcommandlinea#security-remarks9119a7d8-5eab-497f-8521-727c672e3725
N/A
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-155-01.json9119a7d8-5eab-497f-8521-727c672e3725
N/A
https://sqlite.org/src/file/tool/winmain.c9119a7d8-5eab-497f-8521-727c672e3725
N/A
https://www.cve.org/CVERecord?id=CVE-2025-713169119a7d8-5eab-497f-8521-727c672e3725
N/A
Hyperlink: https://i.blackhat.com/EU-24/Presentations/EU-24-Tsai-V2-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A
Hyperlink: https://learn.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-getcommandlinea#security-remarks
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-155-01.json
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A
Hyperlink: https://sqlite.org/src/file/tool/winmain.c
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-71316
Source: 9119a7d8-5eab-497f-8521-727c672e3725
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2025-6965
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-7.2||HIGH
EPSS-1.69% / 82.60%
||
7 Day CHG+0.07%
Published-15 Jul, 2025 | 13:44
Updated-29 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Truncation on SQLite

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Action-Not Available
Vendor-sqliteSQLiteSiemens AG
Product-sqliteSQLiteRUGGEDCOM CROSSBOW Station Access Controller (SAC)SIDIS Prime
CWE ID-CWE-197
Numeric Truncation Error
CVE-2025-3277
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 28.36%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 16:50
Updated-18 Aug, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

Action-Not Available
Vendor-sqliteSQLite
Product-sqlitesqlite
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-39213
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.6||CRITICAL
EPSS-1.16% / 78.97%
||
7 Day CHG+0.12%
Published-08 Aug, 2023 | 21:36
Updated-10 Oct, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructurezoomZoom Desktop Client for Windows and Zoom VDI Client
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2006-10002
Matching Score-4
Assigner-CPAN Security Group
ShareView Details
Matching Score-4
Assigner-CPAN Security Group
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 10.61%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 11:03
Updated-29 Apr, 2026 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

Action-Not Available
Vendor-toddrTODDR
Product-xml\XML::Parser
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CVE-2024-24691
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.33% / 56.33%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 00:01
Updated-12 May, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsvdi_windows_meeting_clientszoomZoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows
CWE ID-CWE-176
Improper Handling of Unicode Encoding
Details not found