AI description
CVE-2025-57833 is a security vulnerability affecting Django versions 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. It is a potential SQL injection flaw in the FilteredRelation component of Django's Object-Relational Mapping (ORM) system. It can be triggered when a specially crafted dictionary is expanded (with **) into the keyword arguments of QuerySet.annotate() or QuerySet.alias(): the dictionary keys become column aliases, so untrusted keys can inject SQL into the generated query. This could allow an attacker to interfere with the queries that an application makes to its database, potentially leading to unauthorized data access or modification.
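As an added defender-side illustration (not code from this page or from the Django project): a version check against the three fixed releases named above, and an allowlist gate for alias names before a dictionary is expanded into annotate()/alias(). The allowlist and the sample alias names are assumptions constructed for the example.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed releases named in the advisory: 4.2.24, 5.1.12 and 5.2.6.
FIXED_RELEASES = {(4, 2): (4, 2, 24), (5, 1): (5, 1, 12), (5, 2): (5, 2, 6)}

# Alias names that may legitimately reach annotate()/alias(): an assumed,
# application-specific allowlist constructed for this example.
ALLOWED_ALIASES = frozenset({"total_amount", "order_count"})

# A plain SQL identifier: letters, digits and underscores, not starting with a digit.
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'X.Y' or 'X.Y.Z' (a trailing pre-release tag such as 'rc1' is
    ignored) into a comparable (major, minor, patch) tuple."""
    match = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not match:
        raise ValueError(f"unrecognised Django version string: {version!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is in an affected series and older than its fix,
    False if it is at or above the fix, None if the series is not covered by
    the advisory (for example 5.0), so no conclusion is drawn for it."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


def checked_aliases(aliases: Dict[str, object]) -> Dict[str, object]:
    """Gate a dictionary before it is expanded into annotate(**aliases) or
    alias(**aliases): every key must be a plain identifier AND be on the
    allowlist. Values (ORM expressions) pass through untouched; only the keys,
    which become column aliases in the generated SQL, are policed here."""
    for key in aliases:
        if not IDENTIFIER.match(key) or key not in ALLOWED_ALIASES:
            raise ValueError(f"rejected annotation alias {key!r}")
    return dict(aliases)
```

Upgrading to a fixed release is the actual remedy; the alias gate only keeps request-derived keys from ever becoming kwargs in the first place.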
- Description
- An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias().
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 4.7
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
- Severity
- HIGH
- cve@mitre.org
- CWE-89
- Hype score
- Not currently trending
As far as I remember, all of Django's bugs, including this latest one (CVE-2025-57833), had a single cause, and that was land reform.
@miggovortensen
10 Sept 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Django security update ❗CVE-2025-57833 ➡️More info: https://t.co/SoNZjurwGJ https://t.co/6rc6zUwZEL
@CERTpy
8 Sept 2025
129 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The #Django SQL Injection Flaw: #CVE-2025-57833 Unpacked and Patched https://t.co/CjMsruFAqo Educational Purposes!
@UndercodeUpdate
6 Sept 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #openSUSE security update patches critical SQLi vulnerability CVE-2025-57833 in Python-Django. Read more: 👉 https://t.co/VQPLo2FwLO #Security https://t.co/eRKT6YG3Gz
@Cezar_H_Linux
5 Sept 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A dangerous vulnerability in the Python framework Django (CVE-2025-57833) - 合同会社ロケットボーイズ https://t.co/jqRxPngGQx #izumino_trend
@sec_trend
5 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-43300 CVE-2025-48539 CVE-2025-25257 (@0x_shaq) CVE-2025-7775 CVE-2025-57833 (@EyalSec) CVE-2025-53690 CVE-2025-9074 CVE-2025-48543 CVE-2025-24893 https://t.co/KW7HdtM3
@ptdbugs
5 Sept 2025
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-57833: Deep Dive into Django SQL injection qs = Order.objects.annotate(total_amount=F("payment__amount")) https://t.co/u7MA6oJ42h #django #sqli #BugBounty
@NullSecurityX
5 Sept 2025
771 Impressions
8 Retweets
30 Likes
11 Bookmarks
0 Replies
0 Quotes
🚨 New Django vulnerability (CVE-2025-57833) SQL Injection possible via FilteredRelation 👉 Affected: 5.2 / 5.1 / 4.2 ✅ Patched: 5.2.6 / 5.1.12 / 4.2.24 SQLi remains one of the most dangerous threats. Framework ≠ Security guarantee. 📄 Full analysis: 🔗https://t.co/t
@umidcybers
4 Sept 2025
123 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
How to protect yourself from CVE-2025-57833 in Django https://t.co/F1mWSGTiW4
@hacksgreece
4 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Vulnerability in Django Framework (CVE-2025-57833) #CyberSecurity #Django #SQLInjection #CVE2025 #AppSec #infosec https://t.co/9H8nCnU4oP
@SeReacher
4 Sept 2025
4 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk 8.4M Services are found on https://t.co/rXSMCokfMR yearly. Hunter Link:https://t.co/KkV6ky2eqe 📷Query HUNTER : ="Django" #bugbounty #bugbountytips https://t.co/lSb9yo4P5B
@viehgroup
4 Sept 2025
48 Impressions
0 Retweets
1 Like
2 Bookmarks
1 Reply
0 Quotes
CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk. According to the advisory, the following releases are vulnerable: Django main branch Django 5.2 Django 5.1 Django 4.2 fixed versions: Django 5.2.6 Django 5.1.12 Django 4.2.24 https://t.co/p5sq0b6GBa
@cyber_advising
4 Sept 2025
1016 Impressions
3 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk 🎯1.6m+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link: https://t.co/xChRxCUIUV FOFA Query:app="django" 🔖Refer:https://t.co/370xjzKgfB #OSINT #FOFA #CyberSe
@fofabot
4 Sept 2025
1869 Impressions
13 Retweets
30 Likes
9 Bookmarks
5 Replies
0 Quotes
CVE-2025-57833: SQL Injection in Django, 7.1 rating❗️ A vulnerability in some versions of the Django framework allows attackers to access sensitive data if a web application uses insecure versions. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/RgwFPMJcHX https:
@Netlas_io
4 Sept 2025
605 Impressions
2 Retweets
6 Likes
2 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk 📊8.4M Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/VJntCkc3qe 👇Query HUNTER : https://t.co/q9rtuGgxk7="Django" 📰Refer:https://t.co/uBEhVGq
@HunterMapping
4 Sept 2025
7998 Impressions
34 Retweets
138 Likes
67 Bookmarks
3 Replies
1 Quote
Django security releases issued: 5.2.6, 5.1.12, and 4.2.24 - CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases https://t.co/GG4SCcMVQg
@yamaneko1212
3 Sept 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes