High severity 8.6 · NVD Advisory · Published Jan 30, 2026 · Updated Apr 21, 2026
CVE-2025-69662
Description
SQL injection vulnerability in geopandas before version 1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function, which is used to write GeoDataFrames to a PostgreSQL database.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| geopandas (PyPI) | < 1.1.2 | 1.1.2 |
References
- github.com/geopandas/geopandas/pull/3681 · nvd · Issue Tracking · Patch · WEB
- aydinnyunus.github.io/2025/12/27/sql-injection-geopandas/ · nvd · Exploit · Third Party Advisory
- github.com/advisories/GHSA-6497-prx7-gpmq · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-69662 · ghsa · ADVISORY
- aydinnyunus.github.io/2025/12/27/sql-injection-geopandas · ghsa · WEB
- github.com/geopandas/geopandas/commit/6aa8ef14ffdee4ba1044349ab948e1a1fbfaf419 · ghsa · WEB
- github.com/geopandas/geopandas/issues/3679 · ghsa · WEB
- github.com/geopandas/geopandas/releases/tag/v1.1.2 · ghsa · WEB
- github.com/pypa/advisory-database/tree/main/vulns/geopandas/PYSEC-2026-62.yaml · ghsa · WEB
- lists.debian.org/debian-lts-announce/2026/04/msg00025.html · nvd · WEB