PT-2025-35820 · Django+4

Eyal Gabay

Published 2025-03-09 · Updated 2026-03-10

CVE-2025-57833

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Django versions prior to 4.2.24
Django versions prior to 5.1.12
Django versions prior to 5.2.6

Description
An issue was discovered in Django's FilteredRelation feature, leading to SQL injection in column aliases when a crafted dictionary is passed via dictionary expansion as the **kwargs to QuerySet.annotate() or QuerySet.alias(). This vulnerability allows attackers to potentially manipulate queries and access sensitive data. Approximately 8.4 million services are estimated to be affected yearly.

Recommendations
Django versions prior to 4.2.24: upgrade to version 4.2.24 or later.
Django versions prior to 5.1.12: upgrade to version 5.1.12 or later.
Django versions prior to 5.2.6: upgrade to version 5.2.6 or later.

Exploit · Fix · RCE · SQL injection



Related Identifiers

BDU:2025-11748
BIT-DJANGO-2025-57833
CVE-2025-57833
DLA-4301-1
ECHO-7627-A361-B4D3
GHSA-6W2R-R2M5-XQ5W
MGASA-2025-0229
OESA-2025-2234
OESA-2025-2235
OESA-2025-2236
OESA-2025-2237
OESA-2025-2354
OPENSUSE-SU-2025:15527-1
OPENSUSE-SU-2025:15528-1
OPENSUSE-SU-2026:10005-1
PYSEC-2025-105
RHSA-2025:16403
RHSA-2025:17498
RHSA-2025:17499
RHSA-2025:17500
RHSA-2025:17614
SUSE-SU-2025:03074-1
USN-7736-1

Affected Products

Debian
Django
Linuxmint
Red Os
Ubuntu