
Cloud Vulnerability DB
A community-led vulnerabilities database
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal (NVD).
The vulnerability exists in pg8000 version 1.31.4, specifically in the pg8000.native.literal function. The function is susceptible to SQL injection when processing Python list inputs. This vulnerability has been assigned CVE-2025-61385 and is currently being tracked in the National Vulnerability Database (NVD).
The vulnerability allows remote attackers to execute arbitrary SQL commands on affected systems. This could potentially lead to unauthorized access to or manipulation of the database (NVD).
A fix has been committed to the pg8000 repository. Users should monitor for updates and apply them when available (Codeberg Commit).
Source: This report was generated using AI
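To locate the code that needs review until a fixed release is installed, the following added example (not part of the advisory or of the pg8000 project) uses Python's ast module to list every call that resolves to pg8000.native.literal, including aliased imports. The sample source and the helper names dotted and find_literal_calls are constructed for illustration.

```python
import ast

# Constructed sample standing in for an application module under audit.
SAMPLE = '''
import pg8000.native
import pg8000.native as pgn
from pg8000.native import literal as lit

def by_tags(con, tags):
    return con.run("SELECT * FROM t WHERE tags = " + lit(tags))

def by_name(con, name):
    return con.run(f"SELECT * FROM t WHERE n = {pg8000.native.literal(name)}")

def by_ids(con, ids):  # bound parameter: literal() is not involved
    return con.run("SELECT * FROM t WHERE id = ANY(:ids)", ids=ids)

def render(value):
    return pgn.literal(value)
'''

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join(reversed(parts + [node.id]))

def find_literal_calls(source):
    """List (line, call text) for calls resolving to pg8000.native.literal."""
    tree = ast.parse(source)
    names = {"pg8000.native.literal"}
    for node in ast.walk(tree):  # pass 1: collect import aliases
        if isinstance(node, ast.ImportFrom) and node.module == "pg8000.native":
            names |= {a.asname or a.name for a in node.names if a.name == "literal"}
        elif isinstance(node, ast.ImportFrom) and node.module == "pg8000":
            names |= {f"{a.asname or a.name}.literal" for a in node.names if a.name == "native"}
        elif isinstance(node, ast.Import):
            names |= {f"{a.asname}.literal" for a in node.names
                      if a.name == "pg8000.native" and a.asname}
    return sorted((n.lineno, ast.unparse(n)) for n in ast.walk(tree)  # pass 2
                  if isinstance(n, ast.Call) and dotted(n.func) in names)

if __name__ == "__main__":
    for line, call in find_literal_calls(SAMPLE):
        print(f"line {line}: {call}")
```

Flagged calls whose argument can be a list derived from untrusted input are the ones to review first; by_ids in the sample shows the bound-parameter form, which does not pass through literal().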