Denial-of-Service Vulnerability in Django Authentication Views
CVE-2025-27556

CVSS v3.1 base score: 5.8 (MEDIUM)

Key Information:

CVE Published: 2 April 2025

What is CVE-2025-27556?

Django 5.1 before 5.1.8 and 5.0 before 5.0.14 are subject to a potential denial-of-service attack on Windows. The affected code paths are django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView and django.views.i18n.set_language, each of which validates a caller-supplied redirect target, and that validation applies NFKC Unicode normalization to the input. NFKC normalization is slow on Windows, so a request whose redirect parameter contains a very large number of Unicode characters can tie up a worker process for a disproportionate amount of time. No authentication is required to reach these views. The impact is limited to availability; the flaw does not expose or modify data. The practical lesson is to bound the size of untrusted input before running expensive Unicode processing on it, rather than normalizing whatever the client sends and checking it afterwards.

Affected Version(s)

Django 5.0 < 5.0.14

Django 5.1 < 5.1.8

CVSS v3.1

Score: 5.8
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Note that a denial-of-service issue necessarily carries an availability impact; a vector with all three impact metrics set to None would score 0.0, not 5.8.

Timeline

  • Vulnerability published: 2 April 2025

  • Vulnerability reserved