CVE-2025-59681 | Django up to 4.2.24/5.1.12/5.2.6 QuerySet.annotate/alias/aggregate/extra SQL injection

SecurityVulns

A vulnerability was found in Django up to 4.2.24/5.1.12/5.2.6. It has been classified as critical. The vulnerability affects the function QuerySet.annotate/alias/aggregate/extra. Manipulation leads to SQL injection.

This vulnerability is reported as CVE-2025-59681. The attack can be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.