PT-2026-5880 · Django+3

Jacob Walls +2 · Published 2026-02-03 · Updated 2026-03-10 · CVE-2025-14550

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Django versions 6.0 through 6.0.1
Django versions 5.2 through 5.2.10
Django versions 4.2 through 4.2.27
Django versions 5.0.x and earlier
Django versions 4.1.x and earlier
Django versions 3.2.x and earlier

Description

The ASGIRequest component is susceptible to a denial-of-service condition. A remote attacker can exploit this by sending a specially crafted request containing duplicate headers.

Recommendations

Update Django to version 6.0.2 or later.
Update Django to version 5.2.11 or later.
Update Django to version 4.2.28 or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2026-03465
BIT-DJANGO-2025-14550
CVE-2025-14550
GHSA-33MW-Q7RJ-MJWJ
MGASA-2026-0032
OESA-2026-1307
OESA-2026-1308
OESA-2026-1309
OESA-2026-1343
OESA-2026-1344
OPENSUSE-SU-2026:10145-1
OPENSUSE-SU-2026:10160-1
OPENSUSE-SU-2026:10216-1
OPENSUSE-SU-2026:10247-1
OPENSUSE-SU-2026:20184-1
PYSEC-2026-43
RHSA-2026:13508
RHSA-2026:14835
RHSA-2026:3958
RHSA-2026:3959
RHSA-2026:5970
RHSA-2026:5971
SUSE-SU-2026:0440-1
USN-8009-1

Affected Products

Django
Linuxmint
Red Os
Ubuntu