Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-71316
PUBLISHED
More InfoOfficial Page
Assigner-cisa-cg
Assigner Org ID-9119a7d8-5eab-497f-8521-727c672e3725
View Known Exploited Vulnerability (KEV) details
Published At-04 Jun, 2026 | 17:39
Updated At-10 Jun, 2026 | 10:34
Rejected At-
▼CVE Numbering Authority (CNA)
SQLite sqldiff remote code execution via argument injection

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.

Affected Products
Vendor
SQLite
Product
sqldiff
Default Status
unknown
Versions
Affected
  • From 0 before 2025-12-26 (custom)
Unaffected
  • 2025-12-26
Problem Types
TypeCWE IDDescription
CWECWE-176CWE-176 Improper Handling of Unicode Encoding
Type: CWE
CWE ID: CWE-176
Description: CWE-176 Improper Handling of Unicode Encoding
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 9.2
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Vincent55
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sqlite.org/src/file/tool/winmain.c
patch
https://learn.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-getcommandlinea#security-remarks
mitigation
https://i.blackhat.com/EU-24/Presentations/EU-24-Tsai-V2-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf
exploit
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-155-01.json
third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2025-71316
vdb-entry
Hyperlink: https://sqlite.org/src/file/tool/winmain.c
Resource:
patch
Hyperlink: https://learn.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-getcommandlinea#security-remarks
Resource:
mitigation
Hyperlink: https://i.blackhat.com/EU-24/Presentations/EU-24-Tsai-V2-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf
Resource:
exploit
Hyperlink: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-155-01.json
Resource:
third-party-advisory
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-71316
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found