VYPR
High severity7.1NVD Advisory· Published Sep 3, 2025· Updated Jun 17, 2026

CVE-2025-57833

CVE-2025-57833

Description

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
< 4.2.244.2.24
DjangoPyPI
>= 5.0a1, < 5.1.125.1.12
DjangoPyPI
>= 5.2a1, < 5.2.65.2.6

Affected products

10

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.