
Description

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

PUBLISHED Reserved 2026-01-09 | Published 2026-01-30 | Updated 2026-01-30 | Assigner mitre

References

aydinnyunus.github.io/2025/12/27/sql-injection-geopandas/

github.com/geopandas/geopandas/pull/3681

cve.org (CVE-2025-69662)

nvd.nist.gov (CVE-2025-69662)
