CVE-2025-64458

216.73.217.22

· Published 05/11/2025 15:15 · Modified 10/11/2025 18:33

Labels: CVE-2025-64458 2025-11-05 6a34fbeb-21d4-45e7-8e0a-62b95bc12c92 CVE-2025-64458 CWE-407

Essential information

Published: 05/11/2025 15:15
Modified: 10/11/2025 18:33
Author: —
Creator: —
CVSS: 7.5 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.
Source: 6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
NVD: View on NVD

Affected products (CPE)

Product	CPE
djangoproject / django	`cpe:2.3:a:djangoproject:django::::::::`
djangoproject / django	`cpe:2.3:a:djangoproject:django::::::::`
djangoproject / django	`cpe:2.3:a:djangoproject:django::::::::`