VDB
CVE-2025-64459
CVE-2025-64459
PUBLISHED
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
EPSS 0.30% · 53.2th percentile
Risk Scores
EPSS Score
0.30%
53.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 4.2.0, 5.2.0, 5.1.0 |
| AWS | connect | |
| Bitnami | django | 5.2.0, 5.1.0, 4.2.0 |
Exploit Intelligence
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
- rockmelodies/django_sqli_target_CVE-2025-64459 (github-poc)
…and 173 more exploits
Timeline
- Nov 5, 2025 CVE Published
- Nov 6, 2025 EPSS Score
- Nov 7, 2025 PoC Published
- Nov 11, 2025 EPSS Score
- Nov 17, 2025 EPSS Score
- Nov 22, 2025 EPSS Score
- Nov 27, 2025 EPSS Score
- Dec 3, 2025 EPSS Score
- Dec 8, 2025 EPSS Score
- Dec 13, 2025 EPSS Score
- Dec 19, 2025 EPSS Score
- Dec 24, 2025 EPSS Score
References
- https://docs.djangoproject.com/en/dev/releases/security/ url
- https://groups.google.com/g/django-announce url
- https://nvd.nist.gov/vuln/detail/CVE-2025-64459 url
- https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html url
- https://www.djangoproject.com/weblog/2025/nov/05/security-releases/ url