CVE-2025-27556
published 2025-04-02

Priority: P336
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.93% (56.1th percentile)

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | | |
| djangoproject | django | >= 5.0 < 5.0.14 | 5.0.14 |
| djangoproject | django | >= 5.0 < 5.0.14 | 5.0.14 |
| djangoproject | django | >= 5.1 < 5.1.8 | 5.1.8 |
| djangoproject | django | >= 5.1 < 5.1.8 | 5.1.8 |

CVSS provenance

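| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| vendor_debian | | 5.8 | LOW | |
| vendor_redhat | | 5.8 | MEDIUM | |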