CVE-2025-64459 | Django up to 4.2.25/5.1.13/5.2.7 QuerySet.filter/QuerySet.exclude/QuerySet.get sql injection

Inserito da Angelo Barbosa | Nov 5, 2025 | CVE

A vulnerability was found in Django up to 4.2.25/5.1.13/5.2.7. It has been declared as critical. This impacts the function QuerySet.filter/QuerySet.exclude/QuerySet.get. Such manipulation leads to sql injection.

This vulnerability is traded as CVE-2025-64459. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-64459 | Django up to 4.2.25/5.1.13/5.2.7 QuerySet.filter/QuerySet.exclude/QuerySet.get sql injection

Post correlati

CVE-2024-0874 | CoreDNS CD Bit Response access control

CVE-2024-44043 | 10Web Photo Gallery Plugin up to 1.8.27 on WordPress cross site scripting

CVE-2024-12710 | WP-Appbox Plugin up to 4.5.3 on WordPress cross site scripting

CVE-2025-10256 | FFmpeg Firequalizer filter af_firequalizer.c config_input null pointer dereference