Vulnerability-Lookup

RHSA-2025:23196

Vulnerability from csaf_redhat - Published: 2025-12-15 13:06 - Updated: 2025-12-18 20:13

Summary

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Ansible DevSpaces Container Release Update

Notes

Topic

An update is now available for Red Hat Ansible Automation Platform Ansible DevSpaces Container

Details

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Update(s) and Fix(es): * Update ansible dev-tools to AAP 2.6 * Add ARM, ppc and s390x architectures

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Ansible Automation Platform Ansible DevSpaces Container",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Ansible Automation Platform provides an enterprise framework for\nbuilding, deploying and managing IT automation at scale. IT Managers can\nprovide top-down guidelines on how automation is applied to individual\nteams, while automation developers retain the freedom to write tasks that\nleverage existing knowledge without the overhead. Ansible Automation\nPlatform makes it possible for users across an organization to share, vet,\nand manage automation content by means of a simple, powerful, and agentless\nlanguage.\n\nUpdate(s) and Fix(es):\n\n* Update ansible dev-tools to AAP 2.6\n* Add ARM, ppc and s390x architectures",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:23196",
        "url": "https://access.redhat.com/errata/RHSA-2025:23196"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59681",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59681"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-59682",
        "url": "https://access.redhat.com/security/cve/CVE-2025-59682"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-64459",
        "url": "https://access.redhat.com/security/cve/CVE-2025-64459"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases",
        "url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23196.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Ansible DevSpaces Container Release Update",
    "tracking": {
      "current_release_date": "2025-12-18T20:13:17+00:00",
      "generator": {
        "date": "2025-12-18T20:13:17+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.14"
        }
      },
      "id": "RHSA-2025:23196",
      "initial_release_date": "2025-12-15T13:06:31+00:00",
      "revision_history": [
        {
          "date": "2025-12-15T13:06:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-12-15T13:06:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-12-18T20:13:17+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Ansible Automation Platform 2.6",
                "product": {
                  "name": "Red Hat Ansible Automation Platform 2.6",
                  "product_id": "Red Hat Ansible Automation Platform 2.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Ansible Automation Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
                "product": {
                  "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
                  "product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview\u0026tag=2.6-1765600296"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
                "product": {
                  "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
                  "product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview\u0026tag=2.6-1765600296"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x",
                "product": {
                  "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x",
                  "product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3Ab7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview\u0026tag=2.6-1765600296"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
                "product": {
                  "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
                  "product_id": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ansible-devspaces-rhel9@sha256%3A020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-tech-preview\u0026tag=2.6-1765600296"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le as a component of Red Hat Ansible Automation Platform 2.6",
          "product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le"
        },
        "product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
        "relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64 as a component of Red Hat Ansible Automation Platform 2.6",
          "product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64"
        },
        "product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
        "relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64 as a component of Red Hat Ansible Automation Platform 2.6",
          "product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64"
        },
        "product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
        "relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x as a component of Red Hat Ansible Automation Platform 2.6",
          "product_id": "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
        },
        "product_reference": "registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x",
        "relates_to_product_reference": "Red Hat Ansible Automation Platform 2.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59681",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2025-09-30T13:14:19.705000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2400449"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "django: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59681"
        },
        {
          "category": "external",
          "summary": "RHBZ#2400449",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400449"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59681"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59681",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59681"
        }
      ],
      "release_date": "2025-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T13:06:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrading",
          "product_ids": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23196"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "django: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1"
    },
    {
      "cve": "CVE-2025-59682",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-09-30T13:18:31.746000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2400450"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the \"startapp --template\" and \"startproject --template\" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "django: Potential partial directory-traversal via archive.extract()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59682"
        },
        {
          "category": "external",
          "summary": "RHBZ#2400450",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59682",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59682"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682"
        }
      ],
      "release_date": "2025-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T13:06:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrading",
          "product_ids": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23196"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "django: Potential partial directory-traversal via archive.extract()"
    },
    {
      "cve": "CVE-2025-64459",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2025-11-05T16:01:11.092353+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2412651"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "django: Django SQL injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact of this vulnerability on Red Hat products is limited to the effective user scope of the running process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
          "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64459"
        },
        {
          "category": "external",
          "summary": "RHBZ#2412651",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412651"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64459",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64459"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64459"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://github.com/django/django/commit/c880530ddd4fabd5939bab0e148bebe36699432a",
          "url": "https://github.com/django/django/commit/c880530ddd4fabd5939bab0e148bebe36699432a"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/"
        }
      ],
      "release_date": "2025-11-05T15:09:58.239000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-12-15T13:06:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrading",
          "product_ids": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:23196"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9_ppc64le",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:5c2b7437a4e6c96e98e0cdbd926295ec34e221cbd53d688362719bf37187faff_amd64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:8570386a64686788159d361f55b1b5bc9eb350a82048b386b476ae2ea83e374e_arm64",
            "Red Hat Ansible Automation Platform 2.6:registry.redhat.io/ansible-automation-platform-tech-preview/ansible-devspaces-rhel9@sha256:b7813e84cddc3ea6ad097d51b3316f2021fc31af6826cfad31a8de826d38e549_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "django: Django SQL injection"
    }
  ]
}

CVE-2025-59681 (GCVE-0-2025-59681)

Vulnerability from cvelistv5 – Published: 2025-10-01 00:00 – Updated: 2025-11-04 21:13

Summary

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

mitre

References

URL

Tags

	https://docs.djangoproject.com/en/dev/releases/se…
	https://groups.google.com/g/django-announce
	https://www.djangoproject.com/weblog/2025/oct/01/…

Impacted products

	Vendor	Product	Version
	djangoproject	Django	Affected: 4.2 , < 4.2.25 (custom) Affected: 5.1 , < 5.1.13 (custom) Affected: 5.2 , < 5.2.7 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59681",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:12:04.911087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:12:14.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:13:55.046Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/01/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Django",
          "vendor": "djangoproject",
          "versions": [
            {
              "lessThan": "4.2.25",
              "status": "affected",
              "version": "4.2",
              "versionType": "custom"
            },
            {
              "lessThan": "5.1.13",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.7",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.2.25",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.1.13",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.2.7",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T18:47:07.600Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59681",
    "datePublished": "2025-10-01T00:00:00.000Z",
    "dateReserved": "2025-09-18T00:00:00.000Z",
    "dateUpdated": "2025-11-04T21:13:55.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59682 (GCVE-0-2025-59682)

Vulnerability from cvelistv5 – Published: 2025-10-01 00:00 – Updated: 2025-11-04 21:13

Summary

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.

Severity ?

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-23 - Relative Path Traversal

Assigner

mitre

References

URL

Tags

	https://docs.djangoproject.com/en/dev/releases/se…
	https://groups.google.com/g/django-announce
	https://www.djangoproject.com/weblog/2025/oct/01/…

Impacted products

	Vendor	Product	Version
	djangoproject	Django	Affected: 4.2 , < 4.2.25 (custom) Affected: 5.1 , < 5.1.13 (custom) Affected: 5.2 , < 5.2.7 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59682",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T19:10:29.537724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T19:10:39.951Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:13:56.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/01/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Django",
          "vendor": "djangoproject",
          "versions": [
            {
              "lessThan": "4.2.25",
              "status": "affected",
              "version": "4.2",
              "versionType": "custom"
            },
            {
              "lessThan": "5.1.13",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.7",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.2.25",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.1.13",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.2.7",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the \"startapp --template\" and \"startproject --template\" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T18:51:53.204Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "url": "https://www.djangoproject.com/weblog/2025/oct/01/security-releases/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59682",
    "datePublished": "2025-10-01T00:00:00.000Z",
    "dateReserved": "2025-09-18T00:00:00.000Z",
    "dateUpdated": "2025-11-04T21:13:56.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64459 (GCVE-0-2025-64459)

Vulnerability from cvelistv5 – Published: 2025-11-05 15:09 – Updated: 2025-11-08 12:49

Title

Potential SQL injection via _connector keyword argument in QuerySet and Q objects

Summary

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank cyberstan for reporting this issue.

Severity ?

No CVSS data available.

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

DSF

References

URL

Tags

	https://docs.djangoproject.com/en/dev/releases/se…	vendor-advisory
	https://groups.google.com/g/django-announce	mailing-list
	https://www.djangoproject.com/weblog/2025/nov/05/…	vendor-advisory

Impacted products

	Vendor	Product	Version
	djangoproject	Django	Affected: 5.2 , < 5.2.8 (semver) Unaffected: 5.2.8 (semver) Affected: 5.1 , < 5.1.14 (semver) Unaffected: 5.1.14 (semver) Affected: 4.2 , < 4.2.26 (semver) Unaffected: 4.2.26 (semver)

Credits

cyberstan Jacob Walls Natalia Bidart

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-64459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-05T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-06T04:55:35.681Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-08T12:49:45.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.org/project/Django/",
          "defaultStatus": "unaffected",
          "packageName": "django",
          "product": "Django",
          "repo": "https://github.com/django/django/",
          "vendor": "djangoproject",
          "versions": [
            {
              "lessThan": "5.2.8",
              "status": "affected",
              "version": "5.2",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "5.2.8",
              "versionType": "semver"
            },
            {
              "lessThan": "5.1.14",
              "status": "affected",
              "version": "5.1",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "5.1.14",
              "versionType": "semver"
            },
            {
              "lessThan": "4.2.26",
              "status": "affected",
              "version": "4.2",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "4.2.26",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "cyberstan"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Jacob Walls"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Natalia Bidart"
        }
      ],
      "datePublic": "2025-11-05T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\u003c/p\u003e\u003cp\u003eThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\u003c/p\u003e\u003cp\u003eEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\u003c/p\u003e\u003cp\u003eDjango would like to thank cyberstan for reporting this issue.\u003c/p\u003e"
            }
          ],
          "value": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nThe methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank cyberstan for reporting this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://docs.djangoproject.com/en/dev/internals/security/#security-issue-severity-levels",
              "value": "high"
            },
            "type": "Django severity rating"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-05T15:09:58.239Z",
        "orgId": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92",
        "shortName": "DSF"
      },
      "references": [
        {
          "name": "Django security archive",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "name": "Django releases announcements",
          "tags": [
            "mailing-list"
          ],
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "name": "Django security releases issued: 5.2.8, 5.1.14, and 4.2.26",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-20T00:00:00+00:00",
          "value": "Initial report received."
        },
        {
          "lang": "en",
          "time": "2025-10-20T00:00:00+00:00",
          "value": "Vulnerability confirmed."
        },
        {
          "lang": "en",
          "time": "2025-11-05T14:00:00+00:00",
          "value": "Security release issued."
        }
      ],
      "title": "Potential SQL injection via _connector keyword argument in QuerySet and Q objects",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92",
    "assignerShortName": "DSF",
    "cveId": "CVE-2025-64459",
    "datePublished": "2025-11-05T15:09:58.239Z",
    "dateReserved": "2025-11-04T14:35:57.527Z",
    "dateUpdated": "2025-11-08T12:49:45.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:23196

CVE-2025-59681 (GCVE-0-2025-59681)

CVE-2025-59682 (GCVE-0-2025-59682)

CVE-2025-64459 (GCVE-0-2025-64459)

Tags

Sightings

Nomenclature