How to fix CVE-2025-69662?

Within 24 hours: Identify all systems and applications using geopandas versions prior to 1.1.2, particularly those connected to production PostgreSQL databases. Within 7 days: Upgrade geopandas to version 1.1.2 or later across all affected systems; prioritize production environments. Within 30 days: Complete comprehensive patching of all development, testing, and non-production systems; conduct security testing to validate the patch deployment.

Is PostgreSQL affected by CVE-2025-69662?

A SQL injection vulnerability in geopandas versions before 1.1.2 could allow attackers to extract sensitive data from PostgreSQL databases when organizations use the to_postgis() function to write geographic data.

CVE-2025-69662

HIGH

2026-01-30 [email protected]

GHSA-6497-prx7-gpmq

8.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Feb 11, 2026 - 18:58 vuln.today

Public exploit code

Patch Released

Feb 11, 2026 - 18:58 nvd

Patch available

CVE Published

Jan 30, 2026 - 19:16 nvd

HIGH 8.6

Description

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

Analysis

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. [CVSS 8.6 HIGH]

Technical Context

Classified as CWE-89 (SQL Injection). Affects Geopandas. SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

Affected Products

Vendor: Geopandas. Product: Geopandas.

Remediation

A vendor patch is available — apply it immediately. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +43

POC: +20

Vendor Status

CVE-2025-69662 vulnerability details – vuln.today

Back

CVE-2025-69662

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-69662

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code