diff --git a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
index 302ffeeac702..cfc475427e55 100644
--- a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
+++ b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
@@ -125,9 +125,11 @@ from Replacement primary, Replacement supplementary, string message, string meta
 where
   primary.escapes(metachar, _) and
   supplementary = primary.getAnEarlierEscaping(metachar) and
-  message = "may double-escape '" + metachar + "' characters from $@"
+  message = "may double-escape '" + metachar.replaceAll("\\", "\\\\") + "' characters from $@"
   or
   primary.unescapes(_, metachar) and
   supplementary = primary.getALaterUnescaping(metachar) and
-  message = "may produce '" + metachar + "' characters that are double-unescaped $@"
+  message =
+    "may produce '" + metachar.replaceAll("\\", "\\\\") +
+    "' characters that are double-unescaped $@"
 select primary, "This replacement " + message + ".", supplementary, "here"
diff --git a/javascript/ql/src/change-notes/2025-06-23-double-escaping.md b/javascript/ql/src/change-notes/2025-06-23-double-escaping.md
new file mode 100644
index 000000000000..312d365fbb38
--- /dev/null
+++ b/javascript/ql/src/change-notes/2025-06-23-double-escaping.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* The `js/double-escaping` query now correctly displays backslash metacharacters in alert messages.
diff --git a/javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/DoubleEscaping.expected b/javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/DoubleEscaping.expected
index 9ec4549b7f69..1cd45b8c7b42 100644
--- a/javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/DoubleEscaping.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/DoubleEscaping.expected
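Review bot: The backslash doubling `metachar.replaceAll("\\", "\\\\")` is now spelled out twice, once in each `message` branch of the `where` clause, so the two alert texts can drift apart if the escaping rule is ever refined. A small `bindingset` predicate named for its purpose would make both branches read as one rule and give this non-obvious step a home for a comment saying why it exists (presumably the alert renderer treats `\` as an escape character, which the updated `.expected` output appears to reflect, but the hunk itself does not say so). The `from` clause that declares `metachar` lies above the hunk. If the renderer also interprets other characters the query can report, the helper would be the single place to extend the escaping rather than patching each message again.
```ql
/** Gets `s` with each backslash doubled so the alert renderer shows it literally. */
bindingset[s]
string escapeForMessage(string s) { result = s.replaceAll("\\", "\\\\") }

// … unchanged: where clause up to the first message …
  message = "may double-escape '" + escapeForMessage(metachar) + "' characters from $@"
  // … unchanged: `or` branch up to the second message …
  message =
    "may produce '" + escapeForMessage(metachar) + "' characters that are double-unescaped $@"
```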
@@ -2,7 +2,7 @@
 | tst.js:20:10:20:33 | s.repla ... g, "&") | This replacement may produce '&' characters that are double-unescaped $@. | tst.js:20:10:21:35 | s.repla ... , "\\"") | here |
 | tst.js:30:10:30:33 | s.repla ... g, "&") | This replacement may produce '&' characters that are double-unescaped $@. | tst.js:30:10:32:34 | s.repla ... g, "'") | here |
 | tst.js:47:7:47:30 | s.repla ... g, "&") | This replacement may produce '&' characters that are double-unescaped $@. | tst.js:48:7:48:32 | s.repla ... , "\\"") | here |
-| tst.js:53:10:53:33 | s.repla ... , '\\\\') | This replacement may produce '\\' characters that are double-unescaped $@. | tst.js:53:10:54:33 | s.repla ... , '\\'') | here |
+| tst.js:53:10:53:33 | s.repla ... , '\\\\') | This replacement may produce '\\\\' characters that are double-unescaped $@. | tst.js:53:10:54:33 | s.repla ... , '\\'') | here |
 | tst.js:60:7:60:28 | s.repla ... '%25') | This replacement may double-escape '%' characters from $@. | tst.js:59:7:59:28 | s.repla ... '%26') | here |
 | tst.js:68:10:70:38 | s.repla ... &") | This replacement may double-escape '&' characters from $@. | tst.js:68:10:69:39 | s.repla ... apos;") | here |
 | tst.js:79:10:79:66 | s.repla ... &") | This replacement may double-escape '&' characters from $@. | tst.js:79:10:79:43 | s.repla ... epl[c]) | here |