Critical severity9.6GHSA Advisory· Published Oct 27, 2025· Updated Apr 15, 2026

CVE-2025-61385

Description

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pg8000PyPI	< 1.31.5	1.31.5

Affected products

Pachno/Pg8000GHSA
Range: <= 1.31.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-wq2g-r956-j8ccghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-61385ghsaADVISORY
codeberg.org/tlocke/pg8000/commit/8663c746b02286c32f19c385f0e2e5da9e4fa140nvdWEB
github.com/bmcyver/vulnerability-research/tree/main/CVE-2025-61385nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.624
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000