CVE-2025-65896

Published Dec 2, 2025

Last updated 3 months ago

CVSS critical 9.8
SQL injection

Overview

Description
SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.
Source
cve@mitre.org
NVD status
Analyzed
Products
asyncmy

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-89

Social media

Hype score
Not currently trending

  1. CVE-2025-65896: Critical SQL injection flaw in Fedora 42/44 python-asyncmy MySQL/MariaDB driver. Upstream security and bugfix release available - users should update promptly. #infosec https://t.co/X0DwKd7ooD

    @threatcluster

    7 Mar 2026

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php.CVE-2026-26891
  2. Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php.CVE-2026-26889
  3. Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.CVE-2026-26888
  4. Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php.CVE-2026-26887
  5. sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.CVE-2026-26700

References

Sources include official advisories and independent security research.