How do I check if my project is affected by GHSA-qw25-v68c-qjf3?

Use GeekWala's free vulnerability scanner to check your dependencies against GHSA-qw25-v68c-qjf3 and 200,000+ other known vulnerabilities. Upload your package.json, requirements.txt, or other dependency file to get instant results.

GHSA-qw25-v68c-qjf3

HIGH

Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows

Published November 5, 2025Updated February 4, 2026Source: osv

Details

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Remediation

Upgrade to the fixed version using your package manager.

pip

Update django to 5.1.14 or later

pip install "django>=5.1.14"

pip

Update django to 5.2.8 or later

pip install "django>=5.2.8"

pip

Update django to 4.2.26 or later

pip install "django>=4.2.26"

After upgrading, run your dependency scanner again to confirm the vulnerability is resolved.

Affected Packages (3)

Package	Ecosystem	Affected	Fixed In
django	PyPI	5.0, 5.0.1, 5.0.10, 5.0.11 (+31 more)	5.1.14
django	PyPI	5.2, 5.2.1, 5.2.2, 5.2.3 (+7 more)	5.2.8
django	PyPI	1.0.1, 1.0.2, 1.0.3, 1.0.4 (+358 more)	4.2.26

Vulnerability Classification

Common Weakness Enumeration (CWE) identifiers for this vulnerability type.

CWE-407
View on MITRE

CVSS Score Breakdown

What the CVSS (Common Vulnerability Scoring System) 3.1 score means for each attack dimension.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Risk Assessment

CVSS Score

3.1

Exploitation is difficult or impact is minor. Address in your next planned update.

EPSS Score (30-day exploit probability)

0.03%

Higher than 7% of vulnerabilities

Also Known As

BIT-django-2025-64458

CVE-2025-64458

Check if you're affected

Scan your dependencies to see if this vulnerability affects your projects.

Scan Your Dependencies