AI description
CVE-2025-64458 affects Django's HTTP redirect handling on Windows systems. The vulnerability lies in the `HttpResponseRedirect` and `HttpResponsePermanentRedirect` functions. It is caused by slow NFKC normalization in Python on Windows. An attacker could exploit this by sending crafted URLs with excessive Unicode characters. This can cause Django's redirect functions to consume large amounts of CPU time, potentially leading to performance degradation or a denial-of-service. Django versions 5.2, 5.1, 4.2, and the beta version 6.0 are affected. Patches have been released in versions 5.2.8, 5.1.14, and 4.2.26.
- Description
- An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
- Source
- 6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- 6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
- CWE-407
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
9
🚨 Múltiples vulnerabilidades de Django permiten la inyección SQL y ataques DoS ⚠️ CVE-2025-64459 CVE-2025-64458 https://t.co/2L1AqvrYrK https://t.co/6ULJOZ4YpG
@elhackernet
8 Nov 2025
2426 Impressions
4 Retweets
20 Likes
4 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en productos Django ❗CVE-2025-64459 ❗CVE-2025-64458 ➡️Más info: https://t.co/t7BsfWczrX https://t.co/6nLuQNOiPH
@CERTpy
7 Nov 2025
83 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🎯#Django 緊急アップデート Django セキュリティチームが 2025-11-05 にパッチを公開しました。SQLインジェクション(CVE-2025-64459)および DoS(CVE-2025-64458)に対処済みです。 Criminal IP では26,996台の露出が確認され
@CriminalIP_JP
7 Nov 2025
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🎯 #Django Emergency Security Update (CVE-2025-64458 / CVE-2025-64459) A security patch that fixes SQL injection and Denial-of-Service (DoS) vulnerabilities has been distributed. (Affected versions: Django 4.2 / 5.1 / 5.2 / 6.0 (beta)) According to Criminal IP threat hunting h
@CriminalIP_US
7 Nov 2025
903 Impressions
3 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
🎯 #Django 긴급 보안 업데이트 (CVE-2025-64458 / CVE-2025-64459) SQL 인젝션및 서비스 거부(DoS) 취약점을 수정한 보안 패치를 배포되었습니다. (영향 버전: Django4.2 / 5.1 / 5.2 / 6.0 (beta)) Criminal IP 위협 헌팅 결과, 전 세계 26,996
@CriminalIP_KR
7 Nov 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2 CVEs in Django https://t.co/zVVMhipLcl CVE-2025-64458: Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows CVE-2025-64459: Potential SQL injection via _connector keyword argument in QuerySet and Q objects
@oss_security
7 Nov 2025
416 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
برای Django دو آسیب پذیری با کدهای شناسایی CVE-2025-64458 از نوع DOS و CVE-2025-64459 از نوع Sqlinjection منتشر شده است . اگر از نسخه های 4.2, 5.1, 5.2 این محصول استفاده می کنید ، حتما پچ
@EthicalSafe
6 Nov 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Django Patches Two High-Severity Vulnerabilities CVE-2025-64459(CVSS 9.1): High-Severity SQL Injection via _connector Keyword CVE-2025-64458(CVSS 7.5): Moderate Denial-of-Service (DoS) on Windows via Unicode Redirects ZoomEye Dork👉app="Django" 189.7k+ exposed instanc
@zoomeye_team
6 Nov 2025
5815 Impressions
13 Retweets
39 Likes
13 Bookmarks
0 Replies
1 Quote