CVE-2025-57833 | Django up to 4.2.23/5.1.11/5.2.5 QuerySet.annotate/QuerySet.alias SQL injection
A vulnerability marked as critical has been reported in Django up to 4.2.23/5.1.11/5.2.5. It affects the function QuerySet.annotate/QuerySet.alias. Manipulation leads to SQL injection.
This vulnerability is identified as CVE-2025-57833. The attack can be initiated remotely. No exploit is available.
It is suggested to upgrade the affected component.