The National Information Technology Development Agency (NITDA) has raised the alarm over a newly discovered security flaw in SQLite, a lightweight database engine widely used across mobile devices, browsers, and embedded systems.
The vulnerability, tracked as CVE-2025-6965, was uncovered by Google’s AI-powered discovery tool, Big Sleep, before cybercriminals could exploit it, according to an advisory from the Nigerian IT regulator seen by Technology Times.
SQLite versions prior to 3.50.2 are affected by the flaw, which stems from an integer overflow vulnerability. NITDA warns that attackers could exploit the weakness to inject malicious SQL code, trigger memory reads beyond allocated array bounds, and compromise systems with outcomes ranging from data leakage to full system crashes.

NITDA: SQLite underpins millions of applications globally
“The discovery underscores both the dangers of memory corruption vulnerabilities and the growing role of AI in safeguarding global digital infrastructure,” NITDA says in its advisory.
Google disclosed that the bug was already known to some threat actors and was nearing active exploitation when its AI system flagged it.
Given SQLite’s ubiquity—it underpins millions of applications globally—NITDA cautions that the potential impact is far-reaching, particularly for developers and organisations relying on the embedded database engine.
The government IT agency advises immediate upgrades to SQLite version 3.50.2 or newer as a mitigation step, urging Nigerian developers and IT teams to treat the update as a top security priority.
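A version audit for the upgrade advice above, as an added example that is not from NITDA, Google or the article. The component names and version strings in the inventory are constructed, and the function names are illustrative; the runtime check matters because many applications bundle their own SQLite copy rather than using the operating system's package.

```python
import re
import sqlite3

# First fixed release, per the advisory quoted above.
FIXED = (3, 50, 2, 0)

def parse_version(text):
    """Parse '3.50.2' or legacy four-part '3.8.11.1'; return None if malformed."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if m is None:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(version_text):
    """Return 'affected', 'fixed', or 'unknown' for one version string."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # unparseable entries need manual follow-up, not a pass
    return "affected" if parsed < FIXED else "fixed"

def runtime_sqlite_version():
    """Ask the SQLite library this interpreter actually loaded, not the OS package."""
    conn = sqlite3.connect(":memory:")
    try:
        return conn.execute("SELECT sqlite_version()").fetchone()[0]
    finally:
        conn.close()

def audit(inventory):
    """Classify every (component, version) pair, listing affected entries first."""
    order = {"affected": 0, "unknown": 1, "fixed": 2}
    rows = [(name, ver, classify(ver)) for name, ver in inventory]
    return sorted(rows, key=lambda r: order[r[2]])

# Constructed sample inventory (hypothetical components, not from the article).
INVENTORY = [
    ("build-image system package", "3.50.2"),
    ("mobile app bundled copy", "3.45.1"),
    ("vendor SDK", "not reported"),
    ("legacy appliance firmware", "3.8.11.1"),
]

if __name__ == "__main__":
    rows = audit(INVENTORY + [("this Python runtime", runtime_sqlite_version())])
    for name, ver, status in rows:
        print(f"{status:9} {ver:14} {name}")
```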
Why this matters
SQLite, often described as the “quiet workhorse” of software, stores data in a single-file structure that has made it one of the world’s most widely deployed databases. Its simplicity has also made it indispensable in everyday digital services, from smartphones to enterprise systems—making vulnerabilities like CVE-2025-6965 especially dangerous.

























