Denial-of-Service Vulnerability in Django Framework Affecting Multiple Versions
CVE-2025-64458

7.5 HIGH

Key Information:

Status
Vendor
CVE Published:
5 November 2025

Badges

👾 Exploit Exists
🟡 Public PoC
📰 News Worthy

What is CVE-2025-64458?

CVE-2025-64458 is a denial-of-service vulnerability in the Django Framework, a widely used open-source web framework for Python applications that favours rapid development and clean, pragmatic design. The vulnerability affects multiple Django versions, specifically those prior to 5.1.14, 4.2.26, and 5.2.8. The issue lies in the normalization process for Unicode characters: certain inputs containing an excessive number of characters can cause significant performance degradation on Windows systems. An affected application can become unresponsive, with users experiencing delays or outright failures when requesting responses from the web application.

Given the prevalence of Django in web development, organizations relying on this framework could encounter major operational disruptions if attackers exploit this vulnerability. In addition to loss of service, organizations may suffer reputational harm and increased operational costs associated with restoring service and mitigating the aftermath of an attack.

Potential impact of CVE-2025-64458

  1. Service Disruption: The primary impact of this vulnerability is the potential for application downtime. An effective denial-of-service attack could lead to prolonged disruption of services, making web applications unavailable to legitimate users and hampering business operations.

  2. Increased IT Costs: Organizations may incur significant costs due to the need for urgent incident response efforts, including re-evaluating infrastructure, patching systems, and possibly investing in additional resources to handle peak traffic or mitigate the effects of an attack.

  3. Reputational Damage: Frequent service interruptions can lead to loss of customer trust and brand loyalty. Customers may turn to competitors if they perceive a lack of reliability, resulting in long-term financial implications for affected businesses.

Affected Version(s)

Django 5.2 < 5.2.8

Django 5.1 < 5.1.14

Django 4.2 < 4.2.26

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Multiple Django Vulnerabilities Enable SQL injection and DoS Attack

Django, one of the most popular Python web development frameworks, has disclosed two critical security vulnerabilities that could allow attackers to execute SQL injection attacks and launch denial-of-service attacks.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by CyberSecurityNews

  • Vulnerability published

  • Vulnerability reserved

Credit

Seokchan Yoon
Jacob Walls
Natalia Bidart