CVE-2025-69662 · HIGH 8.6 · EPSS p30.1%

Description

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.39% probability of exploitation · percentile 30.1% · 2026-06-18T12:00:27Z
Published: 2026-01-30
Last modified: 2026-04-21

Underlying weaknesses · 1

CWE-89

References

  1. https://aydinnyunus.github.io/2025/12/27/sql-injection-geopandas/
  2. https://github.com/geopandas/geopandas/pull/3681
  3. https://lists.debian.org/debian-lts-announce/2026/04/msg00025.html

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2025-49452
  - CVE-2025-1094
  - CVE-2025-61385
  - CVE-2025-57870
  - CVE-2025-60118
  - CVE-2025-30622

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.