VDB
DEBIAN-CVE-2025-32873
DEBIAN-CVE-2025-32873
PUBLISHED
CVSS 5.300000190734863 MEDIUM
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | python-django | *, 0, 2:2.2.24-1 |
| Debian:14 | python-django | 0, 0 |
| Debian:13 | python-django | 0, 0 |
| Debian:12 | python-django | 3:3.2.19-1+deb12u2, 3:3.2.20-1.1, * |
Exploit Intelligence
- Django Security Issue (CVE-2025-32873) (github-poc)
- ghost_report_20260112_192608.json (github-poc)
- ghost_report_20260112_175243.json (github-poc)
- ghost_report_20260112_182220.json (github-poc)
Timeline
- May 8, 2025 CVE Published
- Apr 28, 2026 CVE Updated