Denial-of-Service Vulnerability in Django Framework Affecting Multiple Versions
CVE-2025-64458

7.5HIGH

Key Information:

Vendor

Djangoproject

Status
Django
Vendor
CVE Published:
5 November 2025

What is CVE-2025-64458?

A vulnerability in the Django framework allows for a potential denial-of-service attack, specifically affecting the handling of Unicode characters on Windows systems. This issue arises from slow NFKC normalization processes in various response handling functions like HttpResponseRedirect and shortcut redirect. The vulnerability impacts specific product versions, and earlier unsupported series may be at risk as well. Properly limiting the use of Unicode inputs is critical to mitigating this risk. The Django community acknowledges the report by Seokchan Yoon regarding this issue.

Affected Version(s)

Django 5.2 < 5.2.8

Django 5.1 < 5.1.14

Django 4.2 < 4.2.26

References

https://docs.djangoproject.com/en/dev/releases/security/
vendor-advisory
https://groups.google.com/g/django-announce
mailing-list
https://www.djangoproject.com/weblog/2025/nov/05/security...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Seokchan Yoon
Jacob Walls
Natalia Bidart
JSON
.
CVE-2025-64458 : Denial-of-Service Vulnerability in Django Framework Affecting Multiple Versions