![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 43%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECR%3C/text%3E%3C/svg%3E)
This is really poor from Microsoft.
Vulnerability in winsqlite3.dll
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 86%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
stiwe
60
Reputation points
We have a potential security vulnerability related to the winsqlite3.dll file located in C:\Windows\System32. The current version of this DLL is an older version of SQLite that is affected by CVE-2025-6965. It seems like winsqlite3.dll is typically updated via Windows Update, but i can't see a newer version in the october KB's.
Do you plan to release an updated version? If not, is there a workaround? Or is it safe to replace winsqlite3.dll with a newer version of SQLite?
Windows for home | Windows 11 | Windows update
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 86%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
Prakhar Pandit 15 Reputation points2025-11-26T10:58:03.79+00:00 We have patched our servers with the November updates, but the winsqlite3.dll version is still the same. Is there any ETA for the patch release for this issue?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2026-01-06T21:41:48.23+00:00 Tenable is reporting this vulnerability:
C:\Windows__SysWOW6__4\winsqlite3.dll
C:\Windows_System32_\winsqlite3.dll
So i am hoping Microsoft will update their SQL dll to the latest non vulnerable version please.
Sign in to comment
6 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 1%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Stuart Macdonald 30 Reputation points2025-11-13T10:23:49.32+00:00 Yep, this is showing up in our vuln scans in Tenable. To be honest, it's 50% Tenable's fault for suggesting these components are outdated - they're not, there are no updates from Microsoft. These are Windows components, signed by MS and only MS can update them. Tenable should be flagging them as Unpatched, i.e. no fixes available, but Tenable's actual analysis and understanding of the nuances of any given detection is - in my experience - pretty terrible.
On the other hand, Microsoft should be watching for CVEs in 3rd party libraries that they've adopted. The fact that this has gone unpatched for more than 2 months is not a good look for Windows.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 64%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
Mike Varga 0 Reputation points2025-11-28T20:13:38.0366667+00:00 Hey Stuart...
I somewhat agree. This is aligned with CURL and other open source inclusions in their products which they seem to be very complacent in following up on addressing vulnerabilities in those products, even after the official Git is published.
It is a risk of a mixed product (open sourced, in a closed system), but I for one appreciate the identification, and intentionally do thorough scans to ensure the vulnerability is detected, and risk can be assessed to determine if alternative actions must be taken to secure the environment.
-
Anonymous
2026-01-06T21:50:07.0633333+00:00 they should flag as no fix yet available. Tenable's outdated label is misleading. Yes, since it's MS owned and there's no KB/MSRC fix, then tenable should flag it "no vendor fix available". rather than "out of date", but we still treat it as CVE exposure until MS ships a fix. Not really happy with Tenable CVE analysis, even in cases where leading vendors confirm some CVE non exploitable, they still report it. A lot could be improved.
-
Mike Varga 0 Reputation points
2026-02-13T05:54:10.91+00:00 I disagree. The vulnerability still exists. The cve is valid and the exploits exist. There’s no kb to apply, so the risk and mitigating controls must be considered. Had Tenable not identified it, we’d probably have no idea
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 41%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
Jason Warner 41 Reputation points2025-11-11T19:38:52.45+00:00 Yes windows 11, windows server 2019/2022/2025 all seem to have this i have opened a ticket with Microsoft on it. If i hear back from Microsoft I will post a update.https://nvd.nist.gov/vuln/detail/CVE-2025-6965
-
Jason Warner 41 Reputation points
2025-11-11T19:39:54.3066667+00:00 its in both c:\windows\system32 and c:\windows\syswow64\winsqlite3.dll
-
Jason Warner 41 Reputation points
2025-11-19T19:00:38.0033333+00:00 I have a ticket open with Microsoft asking about when they plan on fixing this. When I hear something I will post it.
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 80%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rafael Vargas 20 Reputation points2026-01-02T15:53:20.8066667+00:00 Is this patch still pending? Our computers are fully patched, but this file is still missing updates.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 32%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOE%3C/text%3E%3C/svg%3E)
Obi Ejiofor 0 Reputation points2026-02-12T14:43:13.0133333+00:00 The vulnerabilty is resolved with the updates of this month
Sign in to comment -
-
Francisco Montilla 30,260 Reputation points Independent Advisor2025-10-21T08:41:04.7433333+00:00 Hello,
As of today, I do not see any Microsoft security note or Windows cumulative update explicitly calling out an updated
winsqlite3.dllin October's Patch Tuesday notes, and there is no MSRC advisory that ties Windows'winsqlite3.dlltoCVE-2025-6965.The October 14, 2025 Windows 11 cumulative KB does not mention
winsqlite3.dllor SQLite in its changelog.The Windows Containers team also has an open GitHub issue where scanners flag
winsqlite3.dllin current images, which indicates the topic is known but not yet resolved publicly there.The safest path right now is not to replace
C:\Windows\System32\winsqlite3.dll. If you ever need to repair a protected system DLL, Microsoft's guidance is to use SFC and regular Windows Update.If you own apps that consume SQLite, the workaround is to stop relying on the OS-provided
winsqlite3and ship your own up-to-date SQLite with the application instead. For .NET, switchMicrosoft.Data.Sqliteto thesqlite3provider and bundle a currentSQLite (3.50.2 or later).If you need, I can outline the exact package changes for
Microsoft.Data.Sqliteor the loader order details for a Win32 deployment.