SQLitePCLRaw.lib.e_sqlite3 is brought in transitively via Microsoft.Data.Sqlite.
A vulnerability(CVE-2025-6965) is fixed in SQLitePCLRaw.lib.e_sqlite3 starting at 3.50.2 (minimum fixed version).
What to investigate
- Identify the currently used Microsoft.Data.Sqlite version.
- Verify which SQLitePCLRaw.lib.e_sqlite3 version it resolves to.
- Check whether a newer Microsoft.Data.Sqlite version pulls in SQLitePCLRaw.lib.e_sqlite3 >= 3.50.2.
Required action
-
If such a Microsoft.Data.Sqlite version exists, upgrade to that version.
-
Ensure the resolved transitive version of SQLitePCLRaw.lib.e_sqlite3 is >= 3.50.2.
-
If not possible directly, evaluate safe alternatives (explicit transitive override / package pinning strategy) while maintaining compatibility.
-
Compatibility caveat (must be validated during upgrade)
Upgrading SQLite stack versions may expose SQL compatibility issues:
String literals using double quotes (") can break.
String literals should use single quotes (').
SQLitePCLRaw.lib.e_sqlite3 is brought in transitively via Microsoft.Data.Sqlite.
A vulnerability(CVE-2025-6965) is fixed in SQLitePCLRaw.lib.e_sqlite3 starting at 3.50.2 (minimum fixed version).
What to investigate
Required action
If such a Microsoft.Data.Sqlite version exists, upgrade to that version.
Ensure the resolved transitive version of SQLitePCLRaw.lib.e_sqlite3 is >= 3.50.2.
If not possible directly, evaluate safe alternatives (explicit transitive override / package pinning strategy) while maintaining compatibility.
Compatibility caveat (must be validated during upgrade)
Upgrading SQLite stack versions may expose SQL compatibility issues:
String literals using double quotes (") can break.
String literals should use single quotes (').