CVE-2025-59681 (CRITICAL 9.8, EPSS percentile 43.6%)

Description

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.59% probability of exploitation · percentile 43.6% · 2026-06-18T12:00:27Z
Published: 2025-10-01
Last modified: 2025-11-04

Underlying weaknesses · 1

CWE-89

References

  1. https://docs.djangoproject.com/en/dev/releases/security/
  2. https://groups.google.com/g/django-announce
  3. https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
  4. http://www.openwall.com/lists/oss-security/2025/10/01/3

Weakness mapping

Type      | Target                                                                                      | CWE    | Confidence | Tier
Weakness  | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')        | cwe-89 | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus:

  - CVE-2025-57833
  - CVE-2025-64459
  - CVE-2025-69662
  - CVE-2025-10655
  - CVE-2026-4277
  - CVE-2026-6873
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.