{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T05:42:47.479","vulnerabilities":[{"cve":{"id":"CVE-2025-64458","sourceIdentifier":"6a34fbeb-21d4-45e7-8e0a-62b95bc12c92","published":"2025-11-05T15:15:40.940","lastModified":"2025-11-10T18:33:02.957","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nNFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect`  were subject to a potential  denial-of-service attack via certain inputs with a very large number of Unicode characters.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue."},{"lang":"es","value":"Se descubrió un problema en 5.1 anterior a 5.1.14, 4.2 anterior a 4.2.26 y 5.2 anterior a 5.2.8. La normalización NFKC en Python es lenta en Windows. Como consecuencia, 'django.http.HttpResponseRedirect', 'django.http.HttpResponsePermanentRedirect' y el atajo 'django.shortcuts.redirect' estuvieron sujetos a un potencial ataque de denegación de servicio a través de ciertas entradas con un número muy grande de caracteres Unicode. Series de Django anteriores y no compatibles (como 5.0.x, 4.1.x y 3.2.x) no fueron evaluadas y también pueden estar afectadas. Django desea agradecer a Seokchan Yoon por informar este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"6a34fbeb-21d4-45e7-8e0a-62b95bc12c92","type":"Secondary","description":[{"lang":"en","value":"CWE-407"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"4.2.26","matchCriteriaId":"5FC7EBE0-A60A-4083-9FB7-E4ADCD2B5F37"},{"vulnerable":true,"criteria":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.1.14","matchCriteriaId":"9F3A5471-02DB-428E-815E-516057A901FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2","versionEndExcluding":"5.2.8","matchCriteriaId":"F56E9016-F93A-4DAE-8070-D3A4909F00A4"}]}]}],"references":[{"url":"https://docs.djangoproject.com/en/dev/releases/security/","source":"6a34fbeb-21d4-45e7-8e0a-62b95bc12c92","tags":["Vendor Advisory"]},{"url":"https://groups.google.com/g/django-announce","source":"6a34fbeb-21d4-45e7-8e0a-62b95bc12c92","tags":["Mailing List"]},{"url":"https://www.djangoproject.com/weblog/2025/nov/05/security-releases/","source":"6a34fbeb-21d4-45e7-8e0a-62b95bc12c92","tags":["Vendor Advisory"]}]}}]}