CVE-2025-59681

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-59681

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59681.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-59681

Aliases

Downstream

DEBIAN-CVE-2025-59681

DLA-4324-1

OESA-2025-2378

OESA-2025-2379

OESA-2025-2460

OESA-2025-2461

OESA-2025-2462

OESA-2025-2463

SUSE-SU-2025:03446-1

UBUNTU-CVE-2025-59681

USN-7794-1

Related

Published

2025-10-01T19:15:36Z

Modified

2025-10-22T16:24:50.514735Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).

References

Affected packages

Git / github.com/django/django

Affected ranges

Type: GIT
Repo: https://github.com/django/django
Events: Introduced

879e5d587b84e6fc961829611999431778eb9f6a

Fixed

57d20b2485e7cd2f029dbf49fb5510b2a6f12c48

Affected versions

4.*

4.2

4.2.1

4.2.10

4.2.11

4.2.12

4.2.13

4.2.14

4.2.15

4.2.16

4.2.17

4.2.18

4.2.19

4.2.2

4.2.20

4.2.21

4.2.22

4.2.23

4.2.24

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

4.2.9