CVE-2025-69662
BaseFortify
Publication date: 2026-01-30
Last updated on: 2026-04-21
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geopandas | geopandas | to 1.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69662 is a SQL injection vulnerability in the GeoPandas library's `to_postgis()` function. It occurs because user-controlled inputs, especially the geometry column name, are directly inserted into SQL queries without proper sanitization or parameterization. This allows an attacker to inject malicious SQL code through the geometry column name, potentially executing arbitrary SQL commands on the PostgreSQL database. The vulnerability was fixed by sanitizing inputs and using parameterized queries to prevent SQL injection. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to all database data, modification or deletion of database contents, and execution of arbitrary system commands via PostgreSQL features. An attacker can exploit this by injecting malicious SQL through the geometry column name, leading to data leakage, data corruption, or even system compromise. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing if the GeoPandas `to_postgis()` function is vulnerable to SQL injection via the geometry column name. One can attempt to rename the geometry column to a malicious payload that injects SQL code and observe if the database returns error messages revealing sensitive information. For example, using Python code to rename the geometry column to a payload like "geom'); SELECT CAST(version() AS int); --" and then calling `to_postgis()` can reveal the PostgreSQL version in error messages if vulnerable. This method effectively detects the vulnerability by triggering error-based SQL injection. The example command snippet is: ```python import geopandas as gpd from shapely.geometry import Point import re malicious_geom_name = "geom'); SELECT CAST(version() AS int); --" gdf = gpd.GeoDataFrame(geometry=[Point(0, 0)], crs='EPSG:4326') gdf = gdf.rename_geometry(malicious_geom_name) try: gdf.to_postgis(name="test_table", con=engine, if_exists="append") except Exception as e: match = re.search(r':\s*"([^"]+)"', str(e)) if match: print(f"β EXTRACTED PostgreSQL version: {match.group(1)}") ``` If the PostgreSQL version or other database information is extracted, the system is vulnerable. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating GeoPandas to version 1.1.2 or later, where the vulnerability has been fixed by sanitizing the geometry column name input and replacing unsafe f-string SQL construction with parameterized queries using SQLAlchemy's `bindparams()` method. This prevents SQL injection by properly separating user inputs from SQL commands. If updating is not immediately possible, avoid using the `to_postgis()` function with user-controlled geometry column names or ensure that inputs are strictly validated and sanitized before use. Applying the patch from the official GeoPandas repository pull request #3681 is recommended. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized access to sensitive information stored in PostgreSQL databases via SQL injection, which could lead to data breaches involving personal or protected data. Such breaches may result in non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding sensitive information against unauthorized access. Therefore, exploitation of this vulnerability could negatively impact compliance with these standards by exposing confidential data. [2]