PT-2025-14483 · Django+1

Sw0Rd1Ight · Published 2025-04-02 · Updated 2026-01-03 · CVE-2025-27556

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Django versions 5.1 before 5.1.8
Django versions 5.0 before 5.0.14

Description

An issue was discovered where the NFKC normalization is slow on Windows, making certain views subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. The affected views include django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language.

Recommendations

For Django versions 5.1 before 5.1.8, update to version 5.1.8 or later.
For Django versions 5.0 before 5.0.14, update to version 5.0.14 or later.

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10176
BDU:2025-05049
BIT-DJANGO-2025-27556
CVE-2025-27556
GHSA-WQFG-M96J-85VM
OPENSUSE-SU-2025:14986-1
OPENSUSE-SU-2026:10005-1
PYSEC-2025-14

Affected Products

Alt Linux
Django