CVE-2025-59681

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-59681
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59681.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-59681
Aliases
Downstream
Related
Published
2025-10-01T00:00:00Z
Modified
2026-05-18T05:57:34.108062363Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59681.json",
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "mitre",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "4.2"
                },
                {
                    "fixed": "4.2.25"
                },
                {
                    "introduced": "5.1"
                },
                {
                    "fixed": "5.1.13"
                },
                {
                    "introduced": "5.2"
                },
                {
                    "fixed": "5.2.7"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "4.2"
                },
                {
                    "fixed": "4.2.25"
                },
                {
                    "introduced": "5.1"
                },
                {
                    "fixed": "5.1.13"
                },
                {
                    "introduced": "5.2"
                },
                {
                    "fixed": "5.2.7"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "4.2"
                },
                {
                    "fixed": "4.2.25"
                },
                {
                    "introduced": "5.1"
                },
                {
                    "fixed": "5.1.13"
                },
                {
                    "introduced": "5.2"
                },
                {
                    "fixed": "5.2.7"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
97aa3b7f08f51669e118f3af5ca91026e39664c3
Fixed
57d20b2485e7cd2f029dbf49fb5510b2a6f12c48
Introduced
84d09a547fe35e10018ab242602ca76c29ca91a1
Fixed
467aeeb569da17a7573e8dfc4932434c84e70642
Introduced
9e7cc2b628fe8fd3895986af9b7fc9525034c1b0
Fixed
3cff3209e35a560f94801d428cf7f2a3ecb2a051
Database specific 
{
    "extracted_events": [
        {
            "introduced": "4.2"
        },
        {
            "fixed": "4.2.25"
        },
        {
            "introduced": "5.1"
        },
        {
            "fixed": "5.1.13"
        },
        {
            "introduced": "5.2"
        },
        {
            "fixed": "5.2.7"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"
}

Affected versions

5.*
5.2
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59681.json"