PT-2025-41609 · Pypi+4 · Python-Ldap+4

Lukas-Eu · Published 2025-10-10 · Updated 2026-03-25

CVE-2025-61911
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: python-ldap versions prior to 3.4.5

Description: The ldap.filter.escape_filter_chars method in python-ldap can be exploited to bypass character escaping when a crafted list or dict is passed as the assertion_value parameter and escape_mode is set to 1. This can lead to LDAP injection, potentially allowing unauthorized disclosure or manipulation of LDAP data. The issue occurs because, in this configuration, the method does not ensure that the value it returns is fully escaped. The vulnerable method is ldap.filter.escape_filter_chars.

Recommendations: Upgrade to python-ldap version 3.4.5 or later.
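The check that closes this bug class, as an added example that is not python-ldap's own code: a pure-Python reference escaper implementing RFC 4515 escaping with the three escape modes python-ldap documents for escape_filter_chars, which rejects any non-str assertion_value before iterating it, plus an assumed build_user_filter helper showing how untrusted input should reach a search filter. Function names mirror the library's for readability; the helper and the sample inputs are constructed for this example.

```python
# Added example, not python-ldap's code: a reference escaper for LDAP filter
# assertion values (RFC 4515) with python-ldap's three documented escape modes,
# hardened with the type guard that turns list/dict input into an error
# instead of a partially escaped filter.

def escape_filter_chars(assertion_value: str, escape_mode: int = 0) -> str:
    """Escape one assertion value for use inside an LDAP search filter.

    escape_mode 0: escape only the RFC 4515 specials backslash * ( ) and NUL
    escape_mode 1: also escape every character outside the ASCII range '0'..'z'
    escape_mode 2: escape every character
    Each escaped character is emitted as its UTF-8 bytes, written as \\XX.
    """
    # The guard: escaping works character by character, so anything that is
    # not a str (a list or dict yields whole strings per iteration step)
    # must be rejected up front rather than treated as a sequence of chars.
    if not isinstance(assertion_value, str):
        raise TypeError("assertion_value must be str, got %s"
                        % type(assertion_value).__name__)
    if escape_mode not in (0, 1, 2):
        raise ValueError("escape_mode must be 0, 1 or 2")

    def hexify(ch: str) -> str:
        return "".join("\\%02x" % b for b in ch.encode("utf-8"))

    out = []
    for ch in assertion_value:
        if escape_mode == 2:
            out.append(hexify(ch))
        elif ch in "\\*()\x00":                       # always escaped
            out.append(hexify(ch))
        elif escape_mode == 1 and (ch < "0" or ch > "z"):
            out.append(hexify(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(uid: str) -> str:
    """Hypothetical helper: build a lookup filter from an untrusted uid.
    The value passes through the escaper, so filter metacharacters in the
    input are neutralised and a non-str input is refused outright."""
    return "(&(objectClass=person)(uid=%s))" % escape_filter_chars(uid, 1)


if __name__ == "__main__":
    print(build_user_filter("j.doe"))   # (&(objectClass=person)(uid=j\2edoe))
    print(build_user_filter("a(b)c"))   # (&(objectClass=person)(uid=a\28b\29c))
```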

Weakness Enumeration: Type Confusion

Related Identifiers

AZL-68430
AZL-68451
BDU:2026-02913
CVE-2025-61911
GHSA-R7R6-CC7P-4V5M
OESA-2025-2681
OESA-2025-2682
OESA-2025-2683
OESA-2025-2684
OESA-2025-2685
OESA-2025-2686
OPENSUSE-SU-2025:15637-1
OPENSUSE-SU-2026:20421-1
SUSE-SU-2025:3695-1
SUSE-SU-2025:3714-1
SUSE-SU-2026:20933-1
USN-7828-1

Affected Products

Debian
Linuxmint
Red Os
Ubuntu
Python-Ldap