- Description
- SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis() function being used to write GeoDataFrames to a PostgreSQL database.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- geopandas
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-89
- Hype score
- Not currently trending
🔴 URGENT: Your #Ubuntu Geospatial Data May Be at Risk 🔴 A newly disclosed SQL injection vulnerability (CVE-2025-69662) in GeoPandas affects millions of Ubuntu users, including those on LTS versions 22.04 and 24.04. Read more: 👉 https://t.co/2lQnjmmejU #Security https://
@Cezar_H_Linux
11 Mar 2026
geopandas is affected by a SQL injection vulnerability (UBUNTU-CVE-2025-69662) in to_postgis(). Attackers could obtain sensitive data. Review usage of user-controlled input. #geopandas #SQLi #infosec https://t.co/bfRL4T0aAn
@pulsepatchio
3 Feb 2026
🚨 CVE-2025-69662 | SQL Injection in GeoPandas While using GeoPandas, I found a SQL Injection vulnerability in to_postgis() caused by direct string concatenation of user input. This library is downloaded ~2M times per week. https://t.co/Bsx7CrAC66 #security #cve #bugbounty
@aydinnyunuss
1 Feb 2026
Geopandas is affected by a SQL injection vulnerability (CVE-2025-69662) in the to_postgis() function. This could allow sensitive data retrieval. #Geopandas #SQLi #infosec https://t.co/y6Gkwd3Pzf
@pulsepatchio
1 Feb 2026
Python GeoPandas users should note a SQL injection flaw (CVE-2025-69662) in to_postgis(). Ensure untrusted input is sanitized before writing GeoDataFrames. #Python #GeoPandas #SQLi https://t.co/Sh0lnhGPKm
@pulsepatchio
31 Jan 2026
🟠 CVE-2025-69662 - High SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis() function being used to write GeoDataFrames to a PostgreSQL dat... https://t.co/I0ezAVu0qz https://t.co/1PloICoyCL
@TheHackerWire
30 Jan 2026
CVE-2025-69662 SQL Injection in GeoPandas Before v1.1.2 Enabling Sensitive Information Disclosure https://t.co/qSrloNKxKa
@VulmonFeeds
30 Jan 2026
CVE-2025-69662 SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis() function being used to write GeoDataF… https://t.co/lvBgm54rSU
@CVEnew
30 Jan 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:geopandas:geopandas:*:*:*:*:*:python:*:*",
            "matchCriteriaId": "24630160-48DA-4222-AF38-862C18B635C9",
            "versionEndExcluding": "1.1.2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]