A critical Django web vulnerability, CVE-2025-57833, has been discovered that could allow attackers to execute SQL injection attacks by exploiting the FilteredRelation feature. Users are urged to update to the patched versions to prevent potential data breaches and database manipulation. #Django5.2 #FilteredRelation #SQLInjection #EyalSec
Key points
- The CVE-2025-57833 vulnerability affects Django versions 5.2, 5.1, and 4.2, impacting the FilteredRelation feature.
- The flaw stems from improper sanitization of dictionary keys used in QuerySet.annotate() or QuerySet.alias().
- Exploitation could lead to unauthorized data access, modification, or database corruption through crafted input that reaches these dictionary keys.
- Patched versions, Django 5.2.6, 5.1.12, and 4.2.24, have been released to fix the issue.
- Developers should promptly upgrade, test their applications, and follow security best practices to mitigate risks.
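Added example, not code from the article or from Django itself: because the flaw is triggered when unvalidated dictionary keys are expanded into QuerySet.annotate() or QuerySet.alias() kwargs, a defense-in-depth check at the application boundary is to validate every alias name before expansion. The allowlist and the make_relation stand-in are constructed so the snippet runs without Django installed; upgrading to the patched releases remains the actual fix.

```python
import keyword

# Constructed allowlist of alias names this code path is allowed to create
# (hypothetical names for this example).
ALLOWED_ALIASES = {"recent_books", "active_reviews"}


def is_safe_alias(key, allowed=ALLOWED_ALIASES):
    """Return True only if key may be used as an annotate()/alias() kwarg name.

    Checks, in order: the key is a string that is a valid Python identifier
    (no spaces, quotes or punctuation), is not a reserved word, and is on an
    explicit allowlist. Anything else is rejected before it can reach
    **kwargs expansion.
    """
    if not isinstance(key, str) or not key.isidentifier():
        return False
    if keyword.iskeyword(key):
        return False
    return key in allowed


def build_annotations(requested_aliases, make_relation, allowed=ALLOWED_ALIASES):
    """Build the kwargs dict for QuerySet.annotate(**kwargs) from request-supplied
    alias names, raising ValueError on the first unsafe one.

    make_relation(alias) returns the FilteredRelation (or any expression) for a
    validated alias; it is a constructed stand-in here so the example runs
    without Django.
    """
    annotations = {}
    for alias in requested_aliases:
        if not is_safe_alias(alias, allowed):
            raise ValueError(f"rejected alias name: {alias!r}")
        annotations[alias] = make_relation(alias)
    return annotations


if __name__ == "__main__":
    # Constructed usage: only allowlisted identifiers survive.
    print(build_annotations(["recent_books"], lambda a: f"FilteredRelation({a})"))
```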
Read More: https://thecyberexpress.com/django-cve-2025-57833-vulnerability/