CVE-2025-61385

CVSS 9.6 Critical
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Published: 1761588943
  • Last modified: 1761668139

CVE-2025-61385 — SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal. [Severity (CVSS) 9.6]

🧠 Explainer: What this vulnerability means

Summary: A flaw in the product from the vendor (CWE: unspecified) can be exploited.

Impact: Attackers could gain unauthorized access, execute code, or disrupt services.

Mitigation: Apply the latest vendor patch or update to a fixed version; disable vulnerable modules where possible.

No explicit mitigation/advisory links found in references.