Share
## https://sploitus.com/exploit?id=9F34A1D4-2A73-5F6C-88A0-27DA95723E75
# CVE-2025-64459-Exploit-PoC
CVE-2025-64459: Critical RCE in Django QuerySet

Severity: Critical (9.8/10)

Status: Active Exploitation Detected

Date: December 2025

๐Ÿšจ Vulnerability Description

A critical Remote Code Execution (RCE) vulnerability has been discovered in Django versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.

The issue lies within the QuerySet method, where improper sanitization of user input allows unauthenticated attackers to inject malicious SQL commands or execute arbitrary code on the server.

Affected Versions

Django 5.1 < 5.1.14

Django 4.2 < 4.2.26

Django 5.2 < 5.2.8

๐Ÿ› ๏ธ Proof of Concept (PoC) & Mitigation

Due to the critical nature of this vulnerability, I am not releasing the full exploit chain publicly to prevent abuse by script kiddies.

However, I have released a System Check Script and a Step-by-Step Patching Guide to help sysadmins secure their infrastructure immediately.

๐Ÿ”ด ([Download the Fix & Analysis](https://github.com/ALPYAHYA/CVE-2025-64459-Exploit-PoC/blob/main/check_vuln.py))

I have documented the full technical analysis, IOCs (Indicators of Compromise), and the clean-up script on my security research blog:

๐Ÿ‘‰ VIEW FULL EXPLOIT ANALYSIS & FIX HERE

([Note: Go to the link above to verify if your server IP is vulnerable](https://www.secreport.online/2025/12/cve-2025-64459-security-alert.html))

Disclaimer

This repository is for educational purposes and defense simulation only. The author is not responsible for illegal use of this information. Update your systems immediately.