PT-2025-23836 · Django+5

Seokchan Yoon · Published 2025-06-04 · Updated 2026-01-15 · CVE-2025-48432

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Django versions 4.2 through 4.2.22
Django versions 5.1 through 5.1.10
Django versions 5.2 through 5.2.2

Description

An issue was discovered in Django where internal HTTP response logging does not escape request.path, allowing remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. Approximately 1,696,617 results are found to be potentially affected.

Recommendations

For Django version 4.2, update to version 4.2.22 or later.
For Django version 5.1, update to version 5.1.10 or later.
For Django version 5.2, update to version 5.2.2 or later.
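The mitigation class behind this advisory is escaping untrusted values (here the request path) before they reach a log line, so a single request cannot emit line breaks or terminal control sequences into the log. The example below is added here to illustrate that principle; it is not Django's own code or its patch. The names `escape_control_chars`, `EscapeControlCharsFilter`, `build_logger`, `log_response` and `emitted_lines` are hypothetical, and the sample path is constructed for the demonstration. It compares a logger with and without the escaping filter and shows that, with the filter, the log entry stays on exactly one line with control characters rendered as backslash escapes.

```python
import logging
import re
from io import StringIO

# C0 controls (including \n, \r and ESC), DEL and the C1 control range:
# any of these can break a line apart or drive a terminal when a log is
# viewed or parsed downstream.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def escape_control_chars(value: str) -> str:
    """Render each control character as its Python backslash escape
    (e.g. '\\n', '\\x1b') so the value occupies a single line."""
    return _CONTROL_CHARS.sub(lambda m: repr(m.group(0))[1:-1], value)


class EscapeControlCharsFilter(logging.Filter):
    """Escape the fully formatted message before any handler emits it.

    Applied to the logger, this covers every %-style argument (such as a
    request path) without each call site having to remember to escape.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = escape_control_chars(record.getMessage())
        record.args = ()  # message is already formatted; nothing left to substitute
        return True


def build_logger(name: str, escape: bool = True) -> tuple[logging.Logger, StringIO]:
    """Create an isolated logger writing to an in-memory stream (hypothetical helper)."""
    stream = StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.WARNING)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    if escape:
        logger.addFilter(EscapeControlCharsFilter())
    return logger, stream


def log_response(logger: logging.Logger, reason_phrase: str, path: str) -> None:
    """Log a response in 'reason: path' form with the path passed as an argument
    (hypothetical stand-in for response logging; not Django's implementation)."""
    logger.warning("%s: %s", reason_phrase, path)


def emitted_lines(logger: logging.Logger, stream: StringIO, reason_phrase: str, path: str) -> list[str]:
    """Return the physical log lines produced by one log_response call."""
    stream.seek(0)
    stream.truncate(0)
    log_response(logger, reason_phrase, path)
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    # Constructed sample: a path carrying a newline followed by text that would
    # look like a second, separate log entry if written through unescaped.
    sample_path = "/missing\nINFO forged"

    unsafe_logger, unsafe_stream = build_logger("example.unsafe", escape=False)
    safe_logger, safe_stream = build_logger("example.safe", escape=True)

    print(emitted_lines(unsafe_logger, unsafe_stream, "Not Found", sample_path))
    print(emitted_lines(safe_logger, safe_stream, "Not Found", sample_path))
```

The filter escapes the formatted message rather than individual fields, which is the cheapest way to guarantee the property for every call site; if a log pipeline needs the original bytes preserved, the alternative is structured (e.g. JSON) logging, where the serializer performs the same escaping.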

Fix

SQL injection


Weakness Enumeration

Related Identifiers

ALT-PU-2025-10176
BDU:2025-06450
BDU:2025-11748
BIT-DJANGO-2025-48432
CVE-2025-48432
DLA-4210-1
ECHO-5AC0-DAB3-BD4D
GHSA-7XR5-9HCQ-CHF9
MGASA-2025-0193
OESA-2025-1617
OESA-2025-1618
OESA-2025-1619
OESA-2025-1642
OESA-2025-1643
OPENSUSE-SU-2025:15267-1
OPENSUSE-SU-2025:15268-1
OPENSUSE-SU-2026:10005-1
PYSEC-2025-47
RHSA-2025:14686
RHSA-2025:16487
SUSE-SU-2025:01952-1
SUSE-SU-2025:02248-1
USN-7555-1
USN-7555-2
USN-7555-3

Affected Products

Alt Linux
Debian
Django
Linuxmint
Red Os
Ubuntu