## https://sploitus.com/exploit?id=9F34A1D4-2A73-5F6C-88A0-27DA95723E75
# CVE-2025-64459-Exploit-PoC
CVE-2025-64459: Critical RCE in Django QuerySet
Severity: Critical (9.8/10)
Status: Active Exploitation Detected
Date: December 2025
๐จ Vulnerability Description
A critical Remote Code Execution (RCE) vulnerability has been discovered in Django versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The issue lies within the QuerySet method, where improper sanitization of user input allows unauthenticated attackers to inject malicious SQL commands or execute arbitrary code on the server.
Affected Versions
Django 5.1 < 5.1.14
Django 4.2 < 4.2.26
Django 5.2 < 5.2.8
๐ ๏ธ Proof of Concept (PoC) & Mitigation
Due to the critical nature of this vulnerability, I am not releasing the full exploit chain publicly to prevent abuse by script kiddies.
However, I have released a System Check Script and a Step-by-Step Patching Guide to help sysadmins secure their infrastructure immediately.
๐ด ([Download the Fix & Analysis](https://github.com/ALPYAHYA/CVE-2025-64459-Exploit-PoC/blob/main/check_vuln.py))
I have documented the full technical analysis, IOCs (Indicators of Compromise), and the clean-up script on my security research blog:
๐ VIEW FULL EXPLOIT ANALYSIS & FIX HERE
([Note: Go to the link above to verify if your server IP is vulnerable](https://www.secreport.online/2025/12/cve-2025-64459-security-alert.html))
Disclaimer
This repository is for educational purposes and defense simulation only. The author is not responsible for illegal use of this information. Update your systems immediately.