CVE-2025-27556 — Vulnetix

CVE-2025-27556 PUBLISHED

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

EPSS 0.01% · 1.5th percentile

Risk Scores

EPSS Score

0.01%

1.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	django	5.0.0, 5.1.0, 5.0.0
Bitnami	django	5.1.0, 5.0.0

Timeline

Apr 2, 2025 CVE Published
Apr 3, 2025 EPSS Score
Apr 4, 2025 Coalition ESS Score
Apr 9, 2025 CVE Updated
Apr 16, 2025 EPSS Score
Apr 29, 2025 EPSS Score
May 11, 2025 EPSS Score
May 24, 2025 EPSS Score
Jun 6, 2025 EPSS Score
Jun 19, 2025 EPSS Score
Jul 2, 2025 EPSS Score
Jul 15, 2025 EPSS Score

References

http://www.openwall.com/lists/oss-security/2025/04/02/2 url
https://docs.djangoproject.com/en/dev/releases/security/ url
https://groups.google.com/g/django-announce url
https://nvd.nist.gov/vuln/detail/CVE-2025-27556 url
https://www.djangoproject.com/weblog/2025/apr/02/security-releases/ url

Open in Interactive Console →