Skip to content

Update sqlite to 3.50.2 to mitigate CVE-2025-6965 #100

Description

@luan-mont

SQLitePCLRaw.lib.e_sqlite3 is brought in transitively via Microsoft.Data.Sqlite.
A vulnerability(CVE-2025-6965) is fixed in SQLitePCLRaw.lib.e_sqlite3 starting at 3.50.2 (minimum fixed version).

What to investigate

  1. Identify the currently used Microsoft.Data.Sqlite version.
  2. Verify which SQLitePCLRaw.lib.e_sqlite3 version it resolves to.
  3. Check whether a newer Microsoft.Data.Sqlite version pulls in SQLitePCLRaw.lib.e_sqlite3 >= 3.50.2.

Required action

  • If such a Microsoft.Data.Sqlite version exists, upgrade to that version.

  • Ensure the resolved transitive version of SQLitePCLRaw.lib.e_sqlite3 is >= 3.50.2.

  • If not possible directly, evaluate safe alternatives (explicit transitive override / package pinning strategy) while maintaining compatibility.

  • Compatibility caveat (must be validated during upgrade)

Upgrading SQLite stack versions may expose SQL compatibility issues:

String literals using double quotes (") can break.
String literals should use single quotes (').

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions