Uploaded image for project: 'Communication Studio'
  1. Communication Studio
  2. COMSTUDIO-485

Security vulnerability: CVE-2025-6965 in System.Data.SQLite.Core 1.0.112.2

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Minor
          • Resolution: Fixed
          • Affects Version/s: V1.9.2.54018, V1.9.3.54213, V1.9.4.54513, V1.9.8.54743
          • Fix Version/s: V1.9.14.55003
          • Component/s: None
          • Labels:
            None
          • Account:
            SUI Communication Studio 1 (operative) (SUICOMMUNI)

            Description

            Our application currently uses the NuGet package System.Data.SQLite.Core (version 1.0.112.2). This version includes an outdated SQLite engine (≤ 3.31.x) that is affected by CVE-2025-6965.

            The vulnerability allows memory corruption in the SQLite engine under certain conditions — specifically, when a query contains an excessive number of aggregate expressions compared to the available columns.
            This may lead to crashes or potentially exploitable behavior.

              Attachments

                Expenses

                  Activity

                    Status Description

                      People

                      • Reporter:
                        DBock Daniel Bock
                      • Votes:
                        0 Vote for this issue
                        Watchers:
                        0 Start watching this issue

                        Dates

                        • Created:
                          Updated:
                          Resolved: