CVE-2025-27556
Published 2025-04-02
Priority: P3, 36, high. CVSS 3.1: 7.5
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.93% (56.1th percentile)
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | — | — |
| djangoproject | django | >= 5.0 < 5.0.14 | 5.0.14 |
| djangoproject | django | >= 5.0 < 5.0.14 | 5.0.14 |
| djangoproject | django | >= 5.1 < 5.1.8 | 5.1.8 |
| djangoproject | django | >= 5.1 < 5.1.8 | 5.1.8 |
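CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| vendor_debian | — | 5.8 | LOW | — |
| vendor_redhat | — | 5.8 | MEDIUM | — |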
Red Hat
django: Django DoS Unicode Attack
vendor_redhat·2025-04-02·CVSS 5.8
CVE-2025-27556 [MEDIUM] CWE-770 django: Django DoS Unicode Attack
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
A flaw was found in Django. This vulnerability allows denial of service attacks via certain inputs with an excessive number of Unicode characters.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Packa
Debian
CVE-2025-27556: python-django - An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NF...
vendor_debian·2025·CVSS 5.8
CVE-2025-27556 [MEDIUM] CVE-2025-27556: python-django - An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NF...
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
Django Potential Denial of Service (DoS) on Windows
ghsa·2025-04-02
CVE-2025-27556 [MEDIUM] CWE-770 Django Potential Denial of Service (DoS) on Windows
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
OSV
Django Potential Denial of Service (DoS) on Windows
osv·2025-04-02
CVE-2025-27556 [MEDIUM] Django Potential Denial of Service (DoS) on Windows
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
OSV
CVE-2025-27556: An issue was discovered in Django 5
osv·2025-04-02
CVE-2025-27556 CVE-2025-27556: An issue was discovered in Django 5
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-02