CVE-2025-61385 identifies a critical SQL injection vulnerability in the pg8000 Python library, version 1.31.4. The flaw resides in the pg8000.native.literal function, which improperly handles Python list inputs, allowing attackers to inject arbitrary SQL commands remotely. This vulnerability arises because the function does not adequately sanitize or parameterize inputs when converting Python data structures into SQL literals, leading to injection vectors. Exploiting this vulnerability could enable attackers to execute unauthorized SQL commands, potentially leading to data leakage, data corruption, or denial of service by manipulating database queries. The vulnerability affects any application using pg8000 for PostgreSQL database connectivity that passes user-controllable list inputs to the vulnerable function. Although no patches or fixes have been published yet, the vulnerability has been officially reserved and published in the CVE database as of late 2025. No known exploits have been observed in the wild, but the nature of SQL injection vulnerabilities makes exploitation feasible, especially in exposed or poorly secured environments. The lack of a CVSS score necessitates an assessment based on the impact on confidentiality, integrity, and availability, ease of exploitation, and scope of affected systems. Given that pg8000 is a popular pure-Python PostgreSQL driver used in various enterprise and cloud applications, the scope is significant. The vulnerability does not require authentication or user interaction, increasing its risk profile.

For European organizations, the impact of CVE-2025-61385 can be substantial. Organizations using pg8000 in their Python applications to interface with PostgreSQL databases may face risks of unauthorized data access, data manipulation, or service disruption. This is particularly critical for sectors handling sensitive or regulated data such as finance, healthcare, government, and critical infrastructure. Exploitation could lead to breaches of personal data protected under GDPR, resulting in legal and financial penalties. Additionally, compromised databases could disrupt business operations or damage organizational reputation. The vulnerability's remote exploitation capability without authentication increases the attack surface, especially for internet-facing applications or APIs. Organizations relying on cloud services or containerized environments that include pg8000 are also at risk if the vulnerable version is deployed. The absence of a patch means organizations must rely on mitigations until an official fix is available, increasing exposure duration.

To mitigate CVE-2025-61385, European organizations should immediately audit their use of the pg8000 library and identify any instances of version 1.31.4 or earlier that may be vulnerable. Until a patch is released, organizations should implement strict input validation and sanitization on all user inputs passed to database queries, especially those involving Python list inputs to pg8000.native.literal. Employing parameterized queries or prepared statements wherever possible can reduce injection risks. Database user permissions should be minimized following the principle of least privilege to limit the impact of any successful injection. Monitoring and logging database queries for unusual or suspicious activity can help detect exploitation attempts early. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block SQL injection patterns. Organizations should also prepare to update or patch pg8000 promptly once a fix becomes available. Finally, conducting security awareness and secure coding training for developers can prevent similar vulnerabilities in the future.