PT-2025-48704 · Django+4 · Django+4

Natalia Bidart

Published

2025-11-14

Updated

2026-02-13

CVE-2025-64460

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.26 Django versions 5.1 through 5.1.14 Django versions 5.2 through 5.2.8

Description An issue exists in the way Django handles XML input. Specifically, algorithmic complexity within the django.core.serializers.xml serializer.getInnerText() function can lead to a denial-of-service condition. A remote attacker could potentially exhaust CPU and memory resources by providing specially crafted XML input to the XML Deserializer.

Recommendations Update to Django version 5.2.9 or later. Update to Django version 5.1.15 or later. Update to Django version 4.2.27 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-150CWE-407

Related Identifiers

BDU:2025-15637

BDU:2026-01121

BIT-DJANGO-2025-64460

CVE-2025-64460

DLA-4425-1

ECHO-B160-53DB-8B4B

GHSA-VRCR-9HJ9-JCG6

MGASA-2025-0320

OESA-2026-1342

OPENSUSE-SU-2025:15805-1

OPENSUSE-SU-2025:15806-1

OPENSUSE-SU-2025:20153-1

OPENSUSE-SU-2026:10005-1

PYSEC-2025-109

RHSA-2026:1249

RHSA-2026:1497

RHSA-2026:1506

SUSE-SU-2025:4384-1

USN-7903-1

Affected Products

Debian

Django

Linuxmint

Red Os

Ubuntu

PT-2025-48704 · Django+4 · Django+4

CVE-2025-64460

Weakness Enumeration

Related Identifiers

Affected Products

References · 131