CVE-2025-32873 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-32873 PUBLISHED

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().

EPSS 0.16% · 37.4th percentile

Risk Scores

EPSS Score

0.16%

37.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	django	4.2.0, 5.1.0, 5.2.0
Bitnami	django	5.2.0, 5.1.0, 4.2.0

Timeline

May 7, 2025 CVE Published
May 8, 2025 EPSS Score
May 10, 2025 Coalition ESS Score
May 19, 2025 EPSS Score
May 30, 2025 EPSS Score
Jun 10, 2025 EPSS Score
Jun 18, 2025 Coalition ESS Score
Jun 21, 2025 EPSS Score
Jun 24, 2025 Coalition ESS Score
Jul 2, 2025 EPSS Score
Jul 13, 2025 EPSS Score
Jul 24, 2025 EPSS Score

References

Open in Interactive Console →