CVE-2025-61385 - Vulnerability Details

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-wq2g-r956-j8cc	pg8000 SQL injection vulnerability via a specially crafted Python list input

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://codeberg.org/tlocke/pg8000/commit/8663c746b02286c32f19c385f0e2e5da9e4fa140
https://github.com/bmcyver/vulnerability-research/tree/main/CVE-2025-61385

History

Mon, 27 Oct 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.
References		https://codeberg.org/tlocke/pg8000/commit/8663c746b02286c32f19c385f0e2e5da9e4fa140 https://github.com/bmcyver/vulnerability-research/tree/main/CVE-2025-61385

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-10-27T00:00:00.000Z

Updated: 2025-10-27T17:27:03.806Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-61385

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-27T18:15:43.760

Modified: 2025-10-27T18:15:43.760

Link: CVE-2025-61385

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object