CVE-2025-71316

Published: Giu 04, 2026 Last Modified: Giu 04, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,2

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

CRITICAL 9,8

Source: 9119a7d8-5eab-497f-8521-727c672e3725

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.

176

Improper Handling of Unicode Encoding

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Unexpected State

Applicable Platforms

All platforms may be affected

View CWE Details

https://i.blackhat.com/EU-24/Presentations/EU-24-Tsai-V2-Wo…

https://i.blackhat.com/EU-24/Presentations/EU-24-Tsai-V2-WorstFit-Unveiling-Hid…

https://learn.microsoft.com/en-us/windows/win32/api/process…

https://learn.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-ge…

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf…

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026…

https://sqlite.org/src/file/tool/winmain.c

https://sqlite.org/src/file/tool/winmain.c

https://www.cve.org/CVERecord?id=CVE-2025-71316

https://www.cve.org/CVERecord?id=CVE-2025-71316