Tenable is flagging this. Is this something engineering may address at some point? I told my security team this isn't going to get fixed in 2 days (I can't stand Tenable and their scoring system). To me this isn't a critical at all but my hands are tied here. There is no way I'm replacing .dll files manually (like they are asking me to do).
Vulnerability: SQLite < 3.50.2 Memory Corruption
Path : C:\Program Files\PostgreSQL\15\pgAdmin 4\python\sqlite3.dll
Installed version : 3.43.1.0
Fixed version : 3.50.2
Path : C:\Program Files (x86)\Veeam\Backup Transport\x64\vddk_7_0\sqlite3.dll
Installed version : 3.39.0.0
Fixed version : 3.50.2
Path : C:\Users\Administrator\AppData\Local\Programs\pgAdmin 4\python\sqlite3.dll
Installed version : 3.39.4.0
Fixed version : 3.50.2
Plugin ID:242325
Risk: Critical
SLA for remediation: 2 days
CVEs:
CVE-2025-6965
Remediation Note:
Upgrade to SQLite 3.50.2 or later.
-
- Chief Product Officer
Re: SQLite vulnerabilities in a few products
pgAdmin is a part of default PostgreSQL install, feel free to just delete it. Our product does not use it and I don't imagine you're using it yourself on the backup server.
VDDK is a VMware-managed component though, so here we will need to wait for them to patch it first, and then we can adopt the newer version.
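To re-check the host after removing pgAdmin or updating a component, the inventory below lists every sqlite3.dll under the Program Files and Users trees with its file version compared against 3.50.2. It is an added example, not Veeam or Tenable code; the search roots and the path patterns used to name the owning component are assumptions drawn from the three paths in the scan output.

```powershell
# Added example. Run in an elevated PowerShell 5.1+ session on the backup server.
# "Fixed version" from the scan output, padded to four parts like "Installed version".
$Fixed = [version]'3.50.2.0'

function Get-SqliteOwner {
    param([string]$Path)
    # Ownership follows the reply above; the match patterns are assumptions
    # based on the three paths listed in the scan output.
    switch -Regex ($Path) {
        '\\pgAdmin 4\\'  { return 'pgAdmin (part of the PostgreSQL install)' }
        '\\vddk[^\\]*\\' { return 'VMware VDDK (vendor-managed)' }
        default          { return 'unknown, needs manual triage' }
    }
}

function Get-SqliteInventory {
    param([string[]]$Root, [version]$FixedVersion)
    Get-ChildItem -LiteralPath $Root -Filter 'sqlite3.dll' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from the numeric fields: the FileVersion string is
            # free-form and may not parse. 0.0.0.0 means the DLL has no version resource.
            $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                Owner     = Get-SqliteOwner -Path $_.FullName
                Installed = $installed
                Outdated  = $installed -lt $FixedVersion   # numeric, not string, comparison
                Path      = $_.FullName
            }
        }
}

# Search roots (assumption): both Program Files trees and all user profiles.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, (Join-Path $env:SystemDrive 'Users')) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

Get-SqliteInventory -Root $roots -FixedVersion $Fixed |
    Sort-Object Owner, Path |
    Format-Table -AutoSize -Wrap
```

Rows marked `unknown` are copies the thread does not cover and need their own owner lookup before anyone decides how to remediate them.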
-
- Expert
Re: SQLite vulnerabilities in a few products
Thank you as always, Gostev, for the quick reply.