An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17613 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON     pointer strings (CVE-2025-57052)

    * python-django: Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)

    * puppet-agent: incomplete fix for CVE-2024-49761 (CVE-2025-10990)

    * Fail to upgrade to Satellite 6.16 when Satellite has more than 520 users (SAT-38406)

    * Ensure host key cleanup of /usr/share/foreman-proxy/.ssh/known_hosts on the Satellite (or Capsule)     server when first remote execution is using Ansible (SAT-38408)

    * Installer loads plugins from /opt/puppetlabs/puppet/cache/lib/, breaking PostgreSQL config updates and     thus upgrades from 6.15 to 6.16 (max_connections is not updated) (SAT-38410)

    * Second container push set manifest size fields to -1, which breaks bootc (SAT-38411)

    Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17606 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * puppet-agent: incomplete fix for CVE-2024-49761 (CVE-2025-10990)
    * python-django: Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)
    * cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON     pointer strings (CVE-2025-57052)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17614 advisory.

    Red Hat Satellite is a system management solution that allows organizations     to configure and maintain their systems without the necessity to provide     public Internet access to their servers or other client systems. It     performs provisioning and configuration management of predefined standard     operating environments.

    Security Fix(es):

    * python-django: Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)
    * cjson: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON     pointer strings (CVE-2025-57052)
    * puppet-agent: REXML ReDoS vulnerability (CVE-2024-49761)

    Users of Red Hat Satellite are advised to upgrade to these updated     packages, which fix these bugs.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:17499 advisory.

    Security Fix(es):

    * Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:17500 advisory.

    Django is a high-level Python Web framework that encourages rapid     development and a clean, pragmatic design. It focuses on automating as much     as possible and adhering to the DRY (Don't Repeat Yourself) principle.

    Security Fix(es):

    * Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:17498 advisory.

    Django is a high-level Python Web framework that encourages rapid     development and a clean, pragmatic design. It focuses on automating as much     as possible and adhering to the DRY (Don't Repeat Yourself) principle.

    Security Fix(es):

    * Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16487 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

    Security Fix(es):

    * automation-controller: Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)
    * automation-controller: Django Path Injection Vulnerability (CVE-2025-48432)
    * python3.11-django: Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Updates and fixes included:

    Automation Platform
    * Increased gateway control plane authorization performance to reduce or eliminate sporadic request errors     (503, 504, 403) (AAP-53468)
    * Fixed a bug where the gateway does not generate the necessary metadata for the UI to render Settings >     Platform Gateway when the accessing user is an auditor rather than an admin (AAP-53279)
    * If the GRPC server can not connect to the database it will now return a 503 to envoy instead of a 403     (AAP-51931)
    * Altered the help text for the setting ALLOW_OAUTH2_FOR_EXTERNAL_USERS (AAP-51886)
    * Fixed improperly formatted error message in SAML authenticator when passing invalid security settings.
    The error will now properly show the invalid fields and will also indicate what valid field values are     (AAP-51705)
    * Improved debug logging of authenticator map processing, reasoning and results for clarity (AAP-51639)
    * Fixed an issue with authenticator maps not properly evaluating attribute 'in' conditions (AAP-51638)
    * When logging in with SAML authentication, user's groups will be correctly read from configured attribute     instead of expecting groups to always be in Group attribute (AAP-51503)
    * Added scrolling to multiselect dialogs to make pagination visible for users (AAP-52209)
    * Fixed an issue that did not allow a user to save Schedule for Workflow job template when Limit has     Prompt on Launch was enabled (AAP-49794)
    * automation-gateway has been updated to 2.5.20250924
    * python3.11-django-ansible-base has been updated to 2.5.20250924

    Automation controller
    * Galaxy credentials can now be created and edited without the need to specify an organization (AAP-52197)
    * Fixed a path injection vulnerability in Django so that internal HTTP response logging escapes     request.path and remote attackers can't manipulate log output via crafted URLs (AAP-51443)
    * The export command works through the controller collection or with awxkit along when the correct     environment variable is provided (AAP-49452)
    * Fixed double escaped quotes in api/v2/jobs/{id}/stdout/?format=txt (AAP-49077)
    * The export module in the collection now honors the CONTROLLER_OPTIONAL_API_URLPATTERN_PREFIX environment     variable, fixing a bug where exports did not work on deployments using the platform gateway (AAP-39265)
    * automation-controller has been updated to 4.6.20

    Automation hub
    * Added the GALAXY_API_SPEC_REQUIRE_AUTHENTICATION setting (defaults to false), which restricts access to     the OpenAPI specification to authenticated users only (AAP-53578)
    * automation-hub has been updated to 4.10.8
    * python3.11-galaxy-ng has been updated to 4.10.8

    Container-based Ansible Automation Platform
    * Disable IPv6 binding on PostgreSQL and Redis services when IPv6 is disabled on the host (AAP-53546)
    * Fixed the restore and implemented a migration for the controller resource secret key value (AAP-53535)
    * Uploading ansible collections to Private Automation Hub isn't limited by the API pagination anymore     (AAP-53526)
    * Execute the create_initial_data EDA command during restore (AAP-53382)
    * Fix an issue with the Private Automation Hub task name using quotes (AAP-53307)
    * Fixed a path issue for custom_ca_cert when checking postgres connection and version during preflight     (AAP-53213)
    * Fix PostgreSQL configuration directory creation when TLS is disabled (AAP-52569)
    * X-Forwarded-For and Real-Ip headers are now added to the Nginx logs (AAP-52562)
    * containerized installer setup has been updated to 2.5-19

    RPM-based Ansible Automation Platform
    * Fixed an issue where redis_mode=standalone and the Redis group were defined at the same time (AAP-53560)
    * Fixed an issue with EDA restores where database credentials were not updated for event stream     (AAP-53529)
    * Fixed an issue where redis node list could not be created on EDA/gateway nodes which were not part of     the redis group (AAP-53528)
    * Fixed an issue where backup was failing when the deployment had more than 1 EDA node without     eda_node_type defined (AAP-52892)
    * Removed pulpcore-manager sudo requirement (AAP-52288)
    * Fixed a typo in the task, cleaning up instances from the controller (AAP-52078)
    * The gateway uwsgi process count is now configurable (AAP-50390)
    * Wait for Hub workers to get online (AAP-46261)
    * ansible-automation-platform-installer and installer setup have been updated to 2.5-18

    Additional changes
    * aap-metrics-utility has been updated to 0.6.0
    * ansible-creator has been updated to 25.8.0
    * ansible-dev-environment has been updated to 25.8.0
    * ansible-dev-tools has been updated to 25.8.3
    * ansible-lint has been updated to 25.8.2
    * ansible-navigator has been updated to 25.8.0
    * ansible-sign has been updated to 0.1.2
    * automation-gateway-proxy has been updated to 2.6.6-3 for RHEL9
    * molecule has been updated to 25.7.0
    * python3.11-ansible-compat has been updated to 25.8.1
    * python3.11-django has been updated to 4.2.24
    * python3.11-galaxy-importer has been updated to 0.4.33
    * python3.11-pytest-ansible has been updated to 25.8.0
    * python3.11-pytest-plus has been updated to 0.8.1
    * python3.11-pytest-sugar has been updated to 1.1.1
    * python3.11-ruamel-yaml has been updated to 0.18.15
    * python3.11-termcolor has been updated to 3.1.0
    * python3.11-tox-ansible has been updated to 25.8.0

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16403 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

    Security Fix(es):

    * python3-django/python39-django: Django SQL injection in FilteredRelation column aliases (CVE-2025-57833)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4301 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4301-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                           Chris Lamb     September 15, 2025                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : python-django     Version        : 2:2.2.28-1~deb11u8     CVE ID         : CVE-2025-57833     Debian Bug     : 1113865

    It was discovered that there was a potential SQL injection attack in     Django, a popular Python-based web development framework.

    Specifically, the FilteredRelation class was vulnerable to an SQL     injection through its use of column aliases. This could have been     exploited using a suitably crafted dictionary that was controlled by     an attacker, either with dictionary expansion via the **kwargs passed     to QuerySet.annotate() or by using QuerySet.alias() directly.

    For Debian 11 bullseye, this problem has been fixed in version     2:2.2.28-1~deb11u8.

    We recommend that you upgrade your python-django packages.

    For the detailed security status of python-django please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/python-django

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The detected version of the Django Python package, Django, is 4.2.x prior to 4.2.24, 5.1.x prior to 5.1.12, or 5.2.x prior to 5.2.6. It is, therefore, affected by a SQL injection vulnerability as disclosed in Django's September 3rd, 2025 security advisory. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias().

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6.
    FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with     dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). (CVE-2025-57833)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03074-1 advisory.

    - CVE-2025-57833: Fixed potential SQL injection in FilteredRelation column aliases (bsc#1248810)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7736-1 advisory.

    It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this     issue to perform a SQL injection.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0db8684f-8938-11f0-8325-bc2411f8eb0b advisory.

    Django reports:
    CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
269754	RHEL 8 / 9 : Satellite 6.16.5.4 Async Update (Important) (RHSA-2025:17613)	Nessus	Red Hat Local Security Checks	critical
269753	RHEL 9 : Satellite 6.17.5 Async Update (Important) (RHSA-2025:17606)	Nessus	Red Hat Local Security Checks	critical
269752	RHEL 8 : Satellite 6.15.5.5 Async Update (Important) (RHSA-2025:17614)	Nessus	Red Hat Local Security Checks	high
269228	RHEL 8 : Red Hat OpenStack Platform 16.2 (python-django20) (RHSA-2025:17499)	Nessus	Red Hat Local Security Checks	high
269222	RHEL 9 : Red Hat OpenStack Services on OpenShift 18.0 (python-django) (RHSA-2025:17500)	Nessus	Red Hat Local Security Checks	high
269219	RHEL 9 : Red Hat OpenStack Platform 17.1 (python-django) (RHSA-2025:17498)	Nessus	Red Hat Local Security Checks	high
265776	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:16487)	Nessus	Red Hat Local Security Checks	high
265711	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2025:16403)	Nessus	Red Hat Local Security Checks	high
264846	Debian dla-4301 : python-django-doc - security update	Nessus	Debian Local Security Checks	high
264623	Python Library Django 4.2.x < 4.2.24 / 5.1.x < 5.1.12 / 5.2.x < 5.2.6 SQLi	Nessus	Misc.	high
261594	Linux Distros Unpatched Vulnerability : CVE-2025-57833	Nessus	Misc.	high
261521	SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2025:03074-1)	Nessus	SuSE Local Security Checks	high
261429	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : Django vulnerability (USN-7736-1)	Nessus	Ubuntu Local Security Checks	high
261417	FreeBSD : Django -- multiple vulnerabilities (0db8684f-8938-11f0-8325-bc2411f8eb0b)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2025-57833

high

Tenable Plugins

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high