SQL Injection Vulnerability in Django Framework by Django Software Foundation
CVE-2025-57833
Key Information:
- Vendor: Djangoproject
- Status: Vendor
- CVE Published: 3 September 2025
What is CVE-2025-57833?
CVE-2025-57833 is a SQL injection vulnerability in the Django web framework, affecting versions 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. Django is a widely used open-source framework for building web applications quickly and efficiently. The flaw arises when improperly managed filtered relations allow SQL injection through column aliases. By exploiting it, an attacker can alter the database queries that affected Django applications execute, which can lead to unauthorized access to sensitive information, data corruption, or complete takeover of the database, all of them severe risks to an organization's data integrity and security.
Potential impact of CVE-2025-57833
- Data Leakage: Attackers can gain unauthorized access to sensitive data stored in the database, potentially exposing personal information, business-critical data, and intellectual property.
- Database Manipulation: Successful exploitation can allow an attacker to modify or delete data, leading to data corruption and significant operational disruptions for the organization.
- Access Control Compromise: By leveraging this vulnerability, attackers may escalate their privileges within the application, granting them control over user accounts and the ability to perform unauthorized actions.
Affected Version(s)
Django 4.2 < 4.2.24
Django 5.1 < 5.1.12
Django 5.2 < 5.2.6
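As an added example (not code from this advisory page or from the Django project), the two checks a defender would script from the description above and from the Affected Version(s) list: a version test against the three affected ranges, and an identifier-shape plus allowlist check for user-chosen column alias names before a view dictionary-expands them into `QuerySet.annotate()` with a `FilteredRelation`. The alias names, the allowlist and the version strings are constructed sample values; upgrading to a fixed release remains the actual fix.

```python
import re
from typing import Iterable, List, Tuple

# Affected ranges exactly as listed on this page (series -> first fixed release).
FIXED_VERSIONS = {(4, 2): (4, 2, 24), (5, 1): (5, 1, 12), (5, 2): (5, 2, 6)}

# A column alias that is safe to hand to annotate()/alias() must be a plain
# identifier: no quotes, spaces, punctuation or SQL syntax of any kind.
ALIAS_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.2.3' into (5, 2, 3); a suffix such as 'rc1' ends the parse."""
    parts: List[int] = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        if match is None:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the given Django release falls inside an affected range."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[:2])
    if fixed is None:
        return False  # a series not listed on the page (e.g. 5.0) is not flagged
    return parsed < fixed  # tuple comparison: (5, 2, 5) < (5, 2, 6)


def is_safe_alias(alias: str, allowed: Iterable[str]) -> bool:
    """Defence in depth for user-chosen aliases: identifier shape AND allowlist."""
    return ALIAS_RE.match(alias) is not None and alias in set(allowed)


def checked_aliases(requested: Iterable[str], allowed: Iterable[str]) -> List[str]:
    """Keep only aliases that pass is_safe_alias(); these are the names a view
    may **-expand into QuerySet.annotate(**{alias: FilteredRelation(...)})."""
    return [alias for alias in requested if is_safe_alias(alias, allowed)]


if __name__ == "__main__":
    # Constructed sample input: one allowlisted alias, one containing a hyphen
    # (not an identifier) and one well-formed name that is not allowlisted.
    wanted = ["recent_orders", "recent-orders", "not_allowed"]
    print(checked_aliases(wanted, {"recent_orders", "open_tickets"}))  # ['recent_orders']
    print(is_affected("5.2.5"), is_affected("5.2.6"))  # True False
```

The version string to feed `is_affected()` on a live deployment is `django.get_version()`; the alias check belongs wherever request parameters are turned into keyword arguments for `annotate()` or `alias()`.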
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
