AI description
CVE-2025-69662 is identified as a SQL injection vulnerability affecting geopandas versions prior to 1.1.2. This flaw enables an attacker to extract sensitive information. The vulnerability specifically arises when the `to_postgis()` function within geopandas is utilized to write GeoDataFrames to a PostgreSQL database.
- Description
- SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-89
- Hype score
- Not currently trending
geopandas is affected by a SQL injection vulnerability (UBUNTU-CVE-2025-69662) in to_postgis(). Attackers could obtain sensitive data. Review usage of user-controlled input. #geopandas #SQLi #infosec https://t.co/bfRL4T0aAn
@pulsepatchio
3 Feb 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-69662 | SQL Injection in GeoPandas
While using GeoPandas, I found a SQL Injection vulnerability in to_postgis() caused by direct string concatenation of user input.
This library is downloaded ~2M times per week. https://t.co/Bsx7CrAC66 #security #cve #bugbounty
@aydinnyunuss
1 Feb 2026
812 Impressions
1 Retweet
23 Likes
7 Bookmarks
0 Replies
0 Quotes
Geopandas is affected by a SQL injection vulnerability (CVE-2025-69662) in the to_postgis() function. This could allow sensitive data retrieval. #Geopandas #SQLi #infosec https://t.co/y6Gkwd3Pzf
@pulsepatchio
1 Feb 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Python GeoPandas users should note a SQL injection flaw (CVE-2025-69662) in to_postgis(). Ensure untrusted input is sanitized before writing GeoDataFrames. #Python #GeoPandas #SQLi https://t.co/Sh0lnhGPKm
@pulsepatchio
31 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 CVE-2025-69662 - High
SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function being used to write GeoDataFrames to a PostgreSQL dat... https://t.co/I0ezAVu0qz https://t.co/1PloICoyCL
@TheHackerWire
30 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-69662 SQL Injection in GeoPandas Before v1.1.2 Enabling Sensitive Information Disclosure https://t.co/qSrloNKxKa
@VulmonFeeds
30 Jan 2026
47 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-69662 SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function being used to write GeoDataF… https://t.co/lvBgm54rSU
@CVEnew
30 Jan 2026
187 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes