N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-61385

GHSA ID

GHSA-wq2g-r956-j8cc

EPSS Score

CWE

CWE-89

Published

10/27/2025

Updated

10/27/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-61385

CVE-2025-61385: pg8000 SQL injection vulnerability via a specially crafted Python list input

SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-61385

CVE-2025-61385:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-61385

GHSA ID

GHSA-wq2g-r956-j8cc

EPSS Score

CWE

CWE-89

Published

10/27/2025

Updated

10/27/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pg8000	pip	<= 1.31.4	1.31.5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The analysis is based on the detailed vulnerability description provided, which explicitly names the vulnerable function pg8000.native.literal and the nature of the vulnerability (SQL injection via crafted list input). Despite being unable to fetch the specific commit patch due to accessibility issues with the provided URLs, the description provides sufficient detail to identify the vulnerable function with a high degree of confidence. The root cause of the vulnerability is the improper handling of list inputs within the literal function, which allows for the injection of malicious SQL code.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-61385: pg8000 SQL injection vulnerability via a specially crafted Python list input

CVE-2025-61385:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2025-61385: pg8000 SQL injection vulnerability via a specially crafted Python list input

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI