PT-2025-23006 · Unknown · Django-Select2
Neartik · Published 2025-05-27 · Updated 2025-05-28 · CVE-2025-48383
CVSS v3.1: 8.2 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Django-Select2 versions prior to 8.4.1
Description
The issue affects instances of HeavySelect2Mixin subclasses, such as ModelSelect2MultipleWidget and ModelSelect2Widget, and allows secret access tokens to leak across requests. A user holding a leaked token can access query sets and data that were restricted to another user's request.
Recommendations
For versions prior to 8.4.1, update to version 8.4.1 to resolve the issue. As a temporary workaround, consider restricting access to instances of HeavySelect2Mixin subclasses until the update is applied.
Exploit
Fix
SSRF
Related Identifiers
Affected Products
Django-Select2