CVE-2025-69662: geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure
SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function, which is used to write GeoDataFrames to a PostgreSQL database.
References
- aydinnyunus.github.io/2025/12/27/sql-injection-geopandas
- github.com/advisories/GHSA-6497-prx7-gpmq
- github.com/geopandas/geopandas
- github.com/geopandas/geopandas/commit/6aa8ef14ffdee4ba1044349ab948e1a1fbfaf419
- github.com/geopandas/geopandas/issues/3679
- github.com/geopandas/geopandas/pull/3681
- github.com/geopandas/geopandas/releases/tag/v1.1.2
- nvd.nist.gov/vuln/detail/CVE-2025-69662
Detect and mitigate CVE-2025-69662 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.