Denial-of-Service Vulnerability in Django Framework Affecting Multiple Versions
CVE-2025-64458
Key Information:
- Vendor
Djangoproject
- Status
- Vendor
- CVE Published:
- 5 November 2025
Badges
What is CVE-2025-64458?
A vulnerability in the Django framework allows for a potential denial-of-service attack, specifically affecting the handling of Unicode characters on Windows systems. This issue arises from slow NFKC normalization processes in various response handling functions like HttpResponseRedirect and shortcut redirect. The vulnerability impacts specific product versions, and earlier unsupported series may be at risk as well. Properly limiting the use of Unicode inputs is critical to mitigating this risk. The Django community acknowledges the report by Seokchan Yoon regarding this issue.
Affected Version(s)
Django 5.2 < 5.2.8
Django 5.1 < 5.1.14
Django 4.2 < 4.2.26
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Multiple Django Vulnerabilities Enable SQL injection and DoS Attack
Django, one of the most popular Python web development frameworks, has disclosed two critical security vulnerabilities that could allow attackers to execute SQL injection attacks and launch denial-of-service attacks.
3 weeks ago
CyberSecurityNewsMultiple Django Vulnerabilities Enable SQL injection and DoS Attack
Django, one of the most popular Python web development frameworks, has disclosed two critical security vulnerabilities that could allow attackers to execute SQL injection attacks and launch denial-of-service attacks.
3 weeks ago
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by CyberSecurityNews
Vulnerability published
Vulnerability Reserved