Description

SQL injection vulnerability in TypeORM before 0.3.26 via a crafted request to repository.save or repository.update, because the sqlstring call leaves stringifyObjects at its default of false.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-29 | Updated 2025-10-29 | Assigner mitre

References

github.com/typeorm/typeorm/releases?q=security&expanded=true

github.com/typeorm/typeorm/pull/11574

github.com/typeorm/typeorm/releases/tag/0.3.26

medium.com/...5-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453

cve.org (CVE-2025-60542)

nvd.nist.gov (CVE-2025-60542)