CVE-2025-48432 MEDIUM

Vendor Djangoproject
Product Django
Weakness CWE-117
Published June 5, 2025
Last update June 11, 2025

CVSS base score

4.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01 Description

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
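One way to neutralise this class of log injection at the handler level, shown as an added example (it is not Django's code or its patch): a standard-library `logging` filter that escapes control characters in log arguments before the record is formatted. It assumes the request path reaches the logger as a format argument; the logger names, the `render` helper and the sample path are constructed for the demonstration.

```python
import io
import logging


class EscapeControlCharsFilter(logging.Filter):
    """Escape CR, LF, ESC and other non-printable characters in log arguments."""

    @staticmethod
    def _escape(value):
        if not isinstance(value, str):
            return value
        # Double existing backslashes first so escaped output stays unambiguous.
        value = value.replace("\\", "\\\\")
        return "".join(
            ch if ch.isprintable() else ch.encode("unicode_escape").decode("ascii")
            for ch in value
        )

    def filter(self, record):
        # Only format arguments are rewritten; a pre-formatted msg is left as is.
        if isinstance(record.args, dict):
            record.args = {k: self._escape(v) for k, v in record.args.items()}
        elif isinstance(record.args, tuple):
            record.args = tuple(self._escape(a) for a in record.args)
        return True


def render(path):
    """Return (raw, filtered) log output for a constructed request path."""
    outputs = []
    for use_filter in (False, True):
        stream = io.StringIO()
        handler = logging.StreamHandler(stream)
        handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
        if use_filter:
            handler.addFilter(EscapeControlCharsFilter())
        logger = logging.getLogger(f"demo.request.{use_filter}")  # hypothetical name
        logger.handlers = [handler]
        logger.propagate = False
        logger.setLevel(logging.WARNING)
        logger.warning("%s: %s", "Not Found", path)
        outputs.append(stream.getvalue())
    return tuple(outputs)


if __name__ == "__main__":
    # Constructed sample: a path carrying a newline and an ANSI escape sequence.
    raw, safe = render("/nope\nWARNING forged entry\x1b[2K")
    print(raw, safe, sep="")
```

With the filter attached, the constructed path stays on a single log line and the escape sequence is rendered as literal text instead of being interpreted by a terminal.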

Key dates

02 Disclosure timeline

June 5, 2025 CVE published
June 11, 2025 Record updated