Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE: Severe SQL Injection Flaw in python-Django CVE-2025-64459

opensuse
Calendar Grey November 6, 2025
Dist Opensuse Esm H88
A critical security update for openSUSE addresses a SQL injection issue in python-Django. Ensure your systems are secure now.
An update that fixes one vulnerability is now available.

Description

This update for python-Django fixes the following issues:

- CVE-2025-64459: Fixed a potential SQL injection via `_connector` keyword

argument in `QuerySet` and `Q` objects (boo#1252926).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-421=1

Package List

- openSUSE Backports SLE-15-SP6 (noarch):

python3-Django-2.2.28-bp156.24.1

References

https://www.suse.com/security/cve/CVE-2025-64459.html

https://bugzilla.suse.com/1252926

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2025:0421-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here