CVE-2025-64460
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-10
Assigner: Django Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| djangoproject | django | From 4.2 (inc) to 4.2.27 (exc) |
| djangoproject | django | From 5.1 (inc) to 5.1.15 (exc) |
| djangoproject | django | From 5.2 (inc) to 5.2.9 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-407 | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an algorithmic complexity issue in the function django.core.serializers.xml_serializer.getInnerText(). It allows a remote attacker to send specially crafted XML input to the XML Deserializer, causing excessive CPU and memory usage, potentially leading to a denial-of-service (DoS) attack.
How can this vulnerability impact me? :
The vulnerability can impact you by enabling a remote attacker to cause a denial-of-service condition on your system. This happens because the specially crafted XML input triggers high CPU and memory consumption, which can exhaust system resources and disrupt normal service availability.