BDU:2025-13913 (CVE-2025-64459)
PUBLISHED
CVSS 9.4 CRITICAL
Vulnerability in the QuerySet and Q objects of the Django web application framework, allowing an attacker to disclose and modify protected information
Risk Scores
CVSS 2.0
9.4
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ООО «Ред Софт» (Red Soft LLC), Django Software Foundation | РЕД ОС (RED OS; entry No. 3751 in the unified register of Russian software), Django | |
Exploit Intelligence
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- alxsourin/Helpdesk-Telecom-CVE-2025-64459 (github-poc, github-poc-repo)
- CVE-2025-64459-hunter (github-poc, github-poc-repo)
- demo application showing off SQL Injection exploit in django 5.2.7 (github-poc, github-poc-repo)
- Z3YR0xX/CVE-2025-64459 (github-poc)
- Vulnerability: SQL Injection via QuerySet and Q() keyword argument unpacking. CVE ID: CVE-2025-64459 Severity: Critical (CVSS 9.1) Affected Versions: Django 5.1 < 5.1.14, 4.2 < 4.2.26, and 5.2 < 5.2.8. Researcher: Cyberstan (University of Warwick) (github-poc)
- A self-contained testbed for Django CVE-2025-64459. Demonstrates QuerySet.filter() parameter injection via dictionary expansion using Docker. (github-poc)
…and 6 more exploits
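The two descriptions above name the bug class: request parameters unpacked into `QuerySet.filter()` / `Q()` as `**kwargs`, so that an attacker-supplied key reaches a reserved keyword argument such as `_connector`, whose value is placed into the generated SQL rather than bound as a parameter. The block below is an added example written for this page; it is not Django's code and not code from any of the PoC repositories listed. `ToyQ` is a deliberately minimal model of a Q-like builder (kwargs become parameterised conditions, `_connector` is the keyword joining them) and is not Django's implementation; `ALLOWED_FILTER_FIELDS`, `SafeToyQ`, `is_safe_filter_key`, `sanitize_filter_kwargs`, `vulnerable_where`, `hardened_where` and the request dictionaries are all constructed for illustration.

```python
"""Model of the **kwargs-unpacking bug class behind CVE-2025-64459, with the
allowlist a view should apply before request data reaches a query builder.
Added example for this page; nothing here is Django's own code."""

# Constructed allowlist of model fields a user may filter on.
ALLOWED_FILTER_FIELDS = frozenset({"username", "is_active", "email"})


class ToyQ:
    """Minimal stand-in for a Q-like node (NOT Django's Q): keyword arguments
    become parameterised `field = %s` conditions, and the reserved
    `_connector` keyword is the SQL keyword that joins them."""

    AND = "AND"
    OR = "OR"

    def __init__(self, _connector=None, **conditions):
        self.connector = self.AND if _connector is None else _connector
        self.conditions = list(conditions.items())

    def as_sql(self):
        # Values are bound as parameters, so they cannot inject. The connector
        # is interpolated verbatim, which is what an attacker-controlled
        # `_connector` abuses in this model.
        fragments = [f"{field} = %s" for field, _ in self.conditions]
        params = tuple(value for _, value in self.conditions)
        return f" {self.connector} ".join(fragments), params


class SafeToyQ(ToyQ):
    """Same builder, but the connector must be one of the known keywords.
    (Whether upstream validates it this way is not covered by this page;
    see the referenced commits.)"""

    def __init__(self, _connector=None, **conditions):
        if _connector is not None and _connector not in (self.AND, self.OR):
            raise ValueError(f"invalid connector: {_connector!r}")
        super().__init__(_connector=_connector, **conditions)


def is_safe_filter_key(key, allowed_fields=ALLOWED_FILTER_FIELDS):
    """A request key may reach **kwargs only if it names an allowlisted field.
    Underscore-prefixed keys (reserved keywords such as _connector, _negated)
    are rejected even if someone later adds them to the allowlist."""
    return not key.startswith("_") and key in allowed_fields


def sanitize_filter_kwargs(params, allowed_fields=ALLOWED_FILTER_FIELDS):
    """Fail closed: raise on any key that is not an allowlisted field."""
    bad = sorted(k for k in params if not is_safe_filter_key(k, allowed_fields))
    if bad:
        raise ValueError(f"rejected filter keys: {bad}")
    return dict(params)


def vulnerable_where(request_params):
    """The pattern the advisory describes: request parameters unpacked
    straight into the query API, reserved keywords included."""
    return ToyQ(**request_params).as_sql()


def hardened_where(request_params):
    """Allowlist the keys first; the builder also refuses unknown connectors."""
    return SafeToyQ(**sanitize_filter_kwargs(request_params)).as_sql()


if __name__ == "__main__":
    # Constructed request dict, e.g. parsed from an attacker-controlled query string.
    attacker_params = {"username": "alice", "is_active": "1", "_connector": "OR 1=1 --"}
    print("vulnerable:", vulnerable_where(attacker_params))
    try:
        hardened_where(attacker_params)
    except ValueError as exc:
        print("hardened  :", exc)
    print("benign    :", hardened_where({"username": "alice", "is_active": "1"}))
```

Two independent controls are shown on purpose: the allowlist in the view stops any unexpected key, including ones with no special meaning today, while the connector check in the builder stops the specific keyword abuse even if a caller forgets the allowlist. When auditing an application for this CVE, the thing to grep for is `filter(**`, `exclude(**`, `get(**` and `Q(**` fed from `request.GET`, `request.POST`, JSON bodies or URL kwargs without an intermediate allowlist.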
Timeline
- Nov 10, 2025 CVE Published
- Dec 2, 2025 CVE Updated
References
- https://docs.djangoproject.com/en/dev/releases/security/
- https://www.djangoproject.com/weblog/2025/nov/05/security-releases
- https://github.com/django/django/commit/06dd38324ac3d60d83d9f3adabf0dcdf423d2a85
- https://github.com/django/django/commit/6703f364d767e949c5b0e4016433ef75063b4f9b
- https://github.com/django/django/commit/72d2c87431f2ae0431d65d0ec792047f078c8241
- https://github.com/django/django/commit/59ae82e67053d281ff4562a24bbba21299f0a7d4
- https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html
- http://repo.red-soft.ru/redos/7.3c/x86_64/updates/