CVE-2025-48432

Published Jun 5, 2025

Last updated a month ago

Overview

Description
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
Source
cve@mitre.org
NVD status
Awaiting Analysis
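The CWE-117 mechanism behind this entry, as an added example that is not Django's own code or fix: a WSGI server percent-decodes the request line before the framework sees it, so a path like `/login%0d%0a...` reaches the response-logging helper (Django's `django.utils.log.log_response`, which writes lines such as `Not Found: /path`) containing a raw CR/LF or ESC byte. Interpolating it unescaped lets one request forge a whole extra log line or emit terminal control sequences. The block below shows that pre-fix shape beside a hardened formatter that escapes control characters, plus a scanner for reverse-proxy access logs where the path is still percent-encoded. The function names, the `FORGED_URL`/`ANSI_URL` strings and the sample paths are constructed for this illustration.

```python
import re
from urllib.parse import unquote

# --- 1. The weakness: a request path interpolated into a log message unescaped.
def vulnerable_log_line(status_text: str, path: str) -> str:
    """Pre-fix shape: whatever is in the path lands in the log byte for byte."""
    return "%s: %s" % (status_text, path)


# --- 2. The hardening: neutralise control characters before they reach the log.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")          # all C0 controls plus DEL
_NAMED = {"\r": "\\r", "\n": "\\n", "\t": "\\t", "\x1b": "\\x1b"}


def escape_for_log(value: str) -> str:
    """Backslash-escape CR, LF, ESC and every other control character, doubling
    existing backslashes first so the escaped form cannot be spoofed."""
    value = value.replace("\\", "\\\\")
    return _CONTROL.sub(
        lambda m: _NAMED.get(m.group(), "\\x%02x" % ord(m.group())), value
    )


def safe_log_line(status_text: str, path: str) -> str:
    """Same message, but the attacker-controlled value stays on one line."""
    return "%s: %s" % (status_text, escape_for_log(path))


# --- 3. Detection: flag paths carrying line breaks or ESC, whether raw
# (as Django's request.path) or still percent-encoded (nginx/Apache access logs).
_SUSPICIOUS = re.compile(r"[\r\n\x1b]|%(?:0[aAdD]|1[bB])")


def find_injection_attempts(paths):
    """Return the subset of request paths that look like log-injection probes."""
    return [p for p in paths if _SUSPICIOUS.search(p)]


# Constructed attacker URLs (not taken from any real traffic).
FORGED_URL = "/login%0d%0aInternal%20Server%20Error:%20/admin%20login%20for%20admin%20OK"
ANSI_URL = "/%1b[2J%1b[31mALERT%1b[0m"


def demo():
    """Return (vulnerable, hardened) log lines for the forged URL."""
    # A WSGI server decodes %0d%0a into a real CR LF before Django sees the path.
    forged_path = unquote(FORGED_URL)
    return (
        vulnerable_log_line("Not Found", forged_path),
        safe_log_line("Not Found", forged_path),
    )


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable (renders as two lines):\n" + vulnerable)
    print("hardened (stays one line):\n" + hardened)
    print(find_injection_attempts(["/ok", FORGED_URL, ANSI_URL, "/100%25"]))
```

Escaping at the formatting boundary, rather than rejecting such requests, is the right fix: the request itself is legitimate input to a 404 handler, and only its rendering into a line-oriented, terminal-displayed record is the problem. The scanner is deliberately loose; a hit is a prompt to look at the surrounding lines, since a forged entry written through the vulnerable path is indistinguishable from a genuine one once it is in the file.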

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.0
Impact score
1.4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

cve@mitre.org
CWE-117

Social media

Hype score
Not currently trending
  1. URGENT: Fedora 42 Django security update! 🔹 Fixes CVE-2025-32873 (strip_tags() DoS) 🔹 Patches CVE-2025-48432 (log injection) Update NOW: Read more: 👉 https://t.co/iKuOxnqzDi #LinuxSecurity #WebSecurity #SysAdmin https://t.co/foeoBK4cAC

    @Cezar_H_Linux

    19 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Urgent: #Fedora41 Django security update fixes: 🔴 CVE-2025-32873 - DoS in strip_tags() 🔴 CVE-2025-48432 - Log injection risk Update NOW: sudo dnf upgrade --advisory FEDORA-2025-2dff80a8a3 Read more: 👉 https://t.co/geh4cYKrAb #CyberSecurity #Django https://t.co/5IBgGVJ

    @Cezar_H_Linux

    19 Jun 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚀 Patch Alert! CVE-2025-48432 in Django (CVSS 6.9) allows log injection on #SUSE/#openSUSE. Fix via zypper patch now! Read more:👉 https://t.co/VgR0wD16rJ https://t.co/QAP7Sf6qx9

    @Cezar_H_Linux

    16 Jun 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️⚠️ CVE-2025-48432: Potential log injection via unescaped request path 🔥1.6m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🎯FOFA Link: https://t.co/xChRxCUIUV FOFA Query:app="django" 🔖Refer:https://t.co/tB14pdkXg6 #OSINT #FOFA #CyberSecurity #Vu

    @fofabot

    11 Jun 2025

    1077 Impressions

    7 Retweets

    18 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨Alert🚨CVE-2025-48432 : Potential log injection via unescaped request path 📊9.2M+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/VJntCkc3qe 👇Query HUNTER : https://t.co/q9rtuGgxk7="Django" FOFA : product="django" https://t.co/G89

    @HunterMapping

    11 Jun 2025

    3208 Impressions

    22 Retweets

    60 Likes

    28 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allow… https://t.co/2YJIh2yVN6

    @CVEnew

    5 Jun 2025

    702 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes