PT-2026-5436 · Geopandas+2

Published: 2025-01-01 · Updated: 2026-03-11 · CVE-2025-69662

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: geopandas versions prior to 1.1.2

Description: A SQL injection issue exists in geopandas before version 1.1.2. This allows an attacker to potentially obtain sensitive information through the to_postgis() function when writing GeoDataFrames to a PostgreSQL database. The to_postgis() function is vulnerable.

Recommendations: Update geopandas to version 1.1.2 or later.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2025-69662
GHSA-6497-PRX7-GPMQ
PYSEC-2026-62
USN-8083-1

Affected Products

Linuxmint
Ubuntu
Geopandas