PT-2025-41610 · Pypi+4 · Python-Ldap+4

Aradona91 · Published 2025-10-10 · Updated 2026-03-25 · CVE-2025-61912

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: python-ldap versions prior to 3.4.5

Description: python-ldap is a Lightweight Directory Access Protocol (LDAP) client API for Python. The ldap.dn.escape_dn_chars() function incorrectly escapes \x00 by emitting a backslash followed by a literal NUL byte instead of the RFC 4514 hex form \00. Applications that use this helper to build Distinguished Names (DNs) from untrusted input can therefore fail before a request is sent to the LDAP server, resulting in a client-side denial of service.

Recommendations: Update to python-ldap version 3.4.5 or later.
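As an added example (not python-ldap's own source and not part of this advisory), the following reconstructs the escaping behaviour described above in its pre-3.4.5 and fixed forms, and pairs it with a defender-side check that rejects an attribute value which is not a well-formed RFC 4514 string. The helper's overall shape is an assumption; only the NUL handling is taken from the advisory.

```python
import re

# Added example, not python-ldap's code: a reconstruction (assumed shape) of a
# DN value escaper showing the pre-3.4.5 NUL defect beside the fixed form, plus
# a check that a value is well-formed per RFC 4514 before it is sent anywhere.
_SPECIALS = ',+"\\<>;='          # characters RFC 4514 requires to be escaped
_HEX_PAIR = re.compile(r'[0-9A-Fa-f]{2}')


def escape_dn_value(s: str, fixed: bool) -> str:
    """Escape one DN attribute value. fixed=False reproduces the defect
    (backslash + literal NUL); fixed=True emits the hex form backslash-00."""
    if not s:
        return s
    out = s.replace('\\', '\\\\')
    for ch in ',+"<>;=':
        out = out.replace(ch, '\\' + ch)
    out = out.replace('\x00', '\\00' if fixed else '\\\x00')
    if out[-1] == ' ':               # trailing space must be escaped
        out = out[:-1] + '\\ '
    if out[0] in ('#', ' '):         # leading '#' or space must be escaped
        out = '\\' + out
    return out


def is_rfc4514_escaped(value: str) -> bool:
    """True if every backslash introduces an escaped special, an escaped
    space or '#', or a two-digit hex pair, and no raw special or NUL remains."""
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == '\\':
            nxt = value[i + 1:i + 2]
            if nxt and nxt in _SPECIALS + ' #':
                i += 2
            elif _HEX_PAIR.fullmatch(value[i + 1:i + 3]):
                i += 3
            else:
                return False         # dangling backslash or backslash + raw byte
        elif ch in _SPECIALS or ch == '\x00':
            return False             # unescaped special or raw NUL
        else:
            i += 1
    return True


if __name__ == '__main__':           # constructed sample of untrusted input
    for fixed in (False, True):
        v = escape_dn_value('smith\x00,admin', fixed=fixed)
        print(repr(v), 'well-formed' if is_rfc4514_escaped(v) else 'MALFORMED')
```

Running the block prints the defective output (backslash followed by a raw NUL) as MALFORMED and the fixed output (`\00`) as well-formed; the check can be applied to any DN component built from external input before it reaches the client library.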

Exploit

Fix

DoS

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

AZL-68433
AZL-68454
BDU:2026-02915
CVE-2025-61912
GHSA-P34H-WQ7J-H5V6
OESA-2025-2681
OESA-2025-2682
OESA-2025-2684
OESA-2025-2685
OESA-2025-2686
OESA-2026-1248
OPENSUSE-SU-2025:15637-1
OPENSUSE-SU-2026:20421-1
SUSE-SU-2025:3695-1
SUSE-SU-2025:3714-1
SUSE-SU-2026:20933-1
USN-7828-1

Affected Products

Debian
Linuxmint
Red Os
Ubuntu
Python-Ldap