Summary
CVE-2025-6965 is a SQLite memory-corruption vulnerability affecting versions before 3.50.2. The CVE description says the number of aggregate terms could exceed the number of available columns, which could lead to memory corruption.
Google’s July 2025 security update says that Big Sleep, working from Google Threat Intelligence context, found the SQLite issue, and that the issue was known only to threat actors and was at risk of exploitation. Google framed the result as the first time an AI agent directly helped foil efforts to exploit a vulnerability in the wild.
Why it matters
This is the clearest public example so far of the bugflation feedback loop: threat intelligence points to a likely exploitation path, an AI-assisted agent helps find the flaw, and the fix lands before public weaponization.
For maintainers, the lesson is practical. AI-assisted discovery is not only about scanning code in isolation. It becomes more powerful when paired with fresh intelligence, variant analysis, and a fast disclosure path.
Classification
We use the CNA-provided high severity signal rather than the higher secondary CVSS interpretation. The index records the bug as high impact, not as proof of a universal remote-code-execution condition in every SQLite embedding.
Catalogued in the Bugflation public ledger.