Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
Debian DLA |
DLA-4324-1 | python-django security update |
EUVD |
EUVD-2025-32048 | Django vulnerable to SQL injection in column aliases |
Github GHSA |
GHSA-hpr9-3m2g-3j9p | Django vulnerable to SQL injection in column aliases |
Ubuntu USN |
USN-7794-1 | Django vulnerabilities |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 07 Oct 2025 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* |
Fri, 03 Oct 2025 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | django: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Thu, 02 Oct 2025 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Djangoproject
Djangoproject django |
|
| Vendors & Products |
Djangoproject
Djangoproject django |
Wed, 01 Oct 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Oct 2025 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-01T19:12:14.952Z
Reserved: 2025-09-18T00:00:00.000Z
Link: CVE-2025-59681
Updated: 2025-10-01T19:12:07.902Z
Status : Analyzed
Published: 2025-10-01T19:15:36.487
Modified: 2025-10-07T14:50:04.887
Link: CVE-2025-59681
OpenCVE Enrichment
Updated: 2025-10-02T08:45:52Z
Debian DLA
EUVD
Github GHSA
Ubuntu USN