CVE-2025-32873
published 2025-05-08


Priority: P4 (34), medium
CVSS 3.1 base score: 5.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 13.97% (96.1th percentile)
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().

Affected (9 ranges)

Vendor        | Product       | Version range                                     | Fixed in
debian        | python-django | < python-django 3:3.2.25-0+deb12u1 (bookworm)     | python-django 3:3.2.25-0+deb12u1 (bookworm)
djangoproject | django        |                                                   |
djangoproject | django        | >= 4.2 < 4.2.21                                   | 4.2.21
djangoproject | django        | >= 4.2 < 4.2.21                                   | 4.2.21
djangoproject | django        | >= 4.2.0 < 4.2.21                                 | 4.2.21
djangoproject | django        | >= 5.1 < 5.1.9                                    | 5.1.9
djangoproject | django        | >= 5.1 < 5.1.9                                    | 5.1.9
djangoproject | django        | >= 5.2 < 5.2.1                                    | 5.2.1
djangoproject | django        | >= 5.2 < 5.2.1                                    | 5.2.1

CVSS provenance

Source        | CVSS version | Score | Severity | Vector
nvd           | v3.1         | 5.3   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv           |              | 5.3   | MEDIUM   |
vendor_debian |              | 5.3   | MEDIUM   |
vendor_redhat |              | 5.3   | MEDIUM   |