{ "threat_severity" : "Important", "public_date" : "2025-10-01T00:00:00Z", "bugzilla" : { "description" : "django: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB1", "id" : "2400449", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400449" }, "cvss3" : { "cvss3_base_score" : "8.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-89", "details" : [ "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).", "A flaw was found in Django. A couple of QuerySet methods are subject to SQL injection in column aliases, using a suitably crafted dictionary." ], "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-10-22T00:00:00Z", "advisory" : "RHSA-2025:18984", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-automation-platform-25/lightspeed-rhel8:2.5.250924-2" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2025-12-15T00:00:00Z", "advisory" : "RHSA-2025:23196", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9:sha256:020f49ce6da38f7ea894297143c18f6b1fa6a6986a9ef78d33f6e359a24e35b9" } ], "package_state" : [ { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-cni-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-must-gather-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-pilot-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "openshift-service-mesh/istio-proxyv2-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-rhel9-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-sail-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh-tech-preview/istio-ztunnel-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/lightspeed-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ansible-dev-tools-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Certification for Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:certifications:1::el7" }, { "product_name" : "Red Hat Discovery 1", "fix_state" : "Not affected", "package_name" : "discovery/discovery-server-rhel9", "cpe" : "cpe:/a:redhat:discovery:1" }, { "product_name" : "Red Hat Discovery 2", "fix_state" : "Affected", "package_name" : "discovery/discovery-server-rhel9", "cpe" : "cpe:/a:redhat:discovery:2::el9" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "python-django20", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Not affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "satellite-capsule:el8/python-django", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Update Infrastructure 4 for Cloud Providers", "fix_state" : "Not affected", "package_name" : "python-django", "cpe" : "cpe:/a:redhat:rhui:4::el8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-59681\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-59681" ], "name" : "CVE-2025-59681", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }