PT-2025-45118 · Django · Django

Jacob Walls +2 · Published 2025-11-05 · Updated 2026-03-10 · CVE-2025-64458

CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Django versions prior to 4.2.26
Django versions prior to 5.1.14
Django versions prior to 5.2.8
Django versions 5.0.x and earlier
Django versions 4.1.x and earlier
Django versions 3.2.x and earlier

Description

The issue relates to algorithmic complexity within the django.http.HttpResponseRedirect() and django.http.HttpResponsePermanentRedirect() functions, and the django.shortcuts.redirect shortcut. The slow performance of NFKC normalization in Python on Windows can be exploited to trigger a denial-of-service (DoS) condition by providing specially crafted inputs containing a large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) may also be affected.

Recommendations

Upgrade to Django version 4.2.26 or later.
Upgrade to Django version 5.1.14 or later.
Upgrade to Django version 5.2.8 or later.
Upgrade to a newer version of Django that addresses this issue if using versions 5.0.x, 4.1.x, or 3.2.x.
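As an added illustration of the advisory's point (example code, not Django's patch or this database's own material), the check below bounds a redirect target's length before it reaches urlsplit(), whose NFKC normalization of a non-ASCII host is the slow step described above; the length cap, the helper names and the constructed sample target are assumptions of the example.

```python
from urllib.parse import urlsplit

# Assumptions of this example (not values taken from Django itself):
# a hypothetical cap on redirect targets, and the schemes Django's redirect
# responses permit (http, https, ftp).
MAX_REDIRECT_LENGTH = 2048
ALLOWED_SCHEMES = ("http", "https", "ftp")

# Constructed sample: a redirect target whose host part is padded with many
# non-ASCII characters (CIRCLED DIGIT ONE, which NFKC folds to "1").
CONSTRUCTED_OVERSIZED_TARGET = "http://" + "\u2460" * 4096 + "/"


def unchecked_redirect_scheme(url: str) -> str:
    """Weak pattern: parse first.

    urlsplit() NFKC-normalizes a non-ASCII netloc, so the work done here grows
    with the length of attacker-controlled input before any limit applies.
    """
    parsed = urlsplit(url)
    if parsed.scheme and parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsafe redirect scheme: {parsed.scheme!r}")
    return parsed.scheme  # "" for a relative target such as "/accounts/"


def checked_redirect_scheme(url: str, max_length: int = MAX_REDIRECT_LENGTH) -> str:
    """Hardened pattern: bound the input before it reaches the normalizer."""
    if len(url) > max_length:
        raise ValueError(f"redirect target too long: {len(url)} > {max_length}")
    return unchecked_redirect_scheme(url)


def is_rejected(url: str) -> bool:
    """True when the hardened check refuses the target."""
    try:
        checked_redirect_scheme(url)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(checked_redirect_scheme("https://example.com/next"))  # https
    print(is_rejected(CONSTRUCTED_OVERSIZED_TARGET))            # True
```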

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2025-14003
BIT-DJANGO-2025-64458
CVE-2025-64458
ECHO-879A-FE35-CF61
GHSA-QW25-V68C-QJF3
OESA-2025-2676
OESA-2025-2677
OESA-2025-2678
OESA-2025-2679
OESA-2025-2680
PYSEC-2025-107

Affected Products

Django