Denial of Service Vulnerability in python-ldap Client API by Python
CVE-2025-61912

5.5 MEDIUM

Key Information:

Vendor
CVE Published: 10 October 2025

What is CVE-2025-61912?

The python-ldap client API for Python, in versions prior to 3.4.5, contains a vulnerability in the ldap.dn.escape_dn_chars() function. The function escapes a NUL byte incorrectly, emitting a backslash followed by a literal NUL byte instead of the RFC 4514 hex representation. As a result, any application that passes untrusted input through this function can fail consistently before its requests reach an LDAP server such as Active Directory. The issue is fixed in version 3.4.5.
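An added example, not python-ldap's own code, showing the RFC 4514 encoding the advisory refers to: an escaper that emits `\00` for a NUL, a decoder that rejects the malformed backslash-plus-raw-NUL form, and a pre-send check an application can run over escaped values built from untrusted input. Function names and the set of escaped characters are this example's own choices.

```python
# Added example, not python-ldap's own code: an RFC 4514-style escaper that
# emits "\00" for NUL, a decoder that rejects malformed escapes, and a check
# that catches the faulty "\" + raw NUL form described for python-ldap < 3.4.5.
import string

SPECIALS = ',+"\\<>;='   # escaped with a single backslash (RFC 4514 sec. 2.4)

def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside an RFC 4514 DN string."""
    out = []
    for ch in value:
        if ch in SPECIALS:
            out.append('\\' + ch)
        elif ord(ch) < 0x20 or ch == '\x7f':
            out.append('\\%02X' % ord(ch))   # control chars, NUL included, as \XX
        else:
            out.append(ch)
    s = ''.join(out)
    if value.startswith((' ', '#')):                 # leading space or '#'
        s = '\\' + s
    if value.endswith(' ') and len(value) > 1:        # trailing space
        s = s[:-1] + '\\ '
    return s

def unescape_dn_value(escaped: str) -> str:
    """Inverse of escape_dn_value; raises ValueError on a malformed escape."""
    out, i = [], 0
    while i < len(escaped):
        if escaped[i] != '\\':
            out.append(escaped[i])
            i += 1
            continue
        nxt, hexpair = escaped[i + 1:i + 2], escaped[i + 1:i + 3]
        if nxt and (nxt in SPECIALS or nxt in ' #'):
            out.append(nxt)
            i += 2
        elif len(hexpair) == 2 and all(c in string.hexdigits for c in hexpair):
            out.append(chr(int(hexpair, 16)))
            i += 3
        else:   # includes a backslash followed by a raw NUL byte
            raise ValueError('malformed escape at offset %d' % i)
    return ''.join(out)

def is_well_formed(escaped: str) -> bool:
    """Pre-send check: True only if the escaped value decodes cleanly."""
    try:
        unescape_dn_value(escaped)
        return True
    except ValueError:
        return False
```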

Affected Version(s)

python-ldap < 3.4.5

References

CVSS v4

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved
