Home > Vulnerability Database > CVE-2025-61912

Mend.io Vulnerability Database

CVE-2025-61912

Good to know:

Date: October 10, 2025

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.

Severity Score

5.3

Related Resources (6)

Url: https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61912

Url: https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f

Url: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6

Url: https://github.com/python-ldap/python-ldap

Url: https://www.mend.io/vulnerability-database/CVE-2025-61912

Severity Score

5.3

Weakness Type (CWE)

Improper Encoding or Escaping of Output

CWE-116

Improper Null Termination

CWE-170

Top Fix

Upgrade Version

Upgrade to version python-ldap - 3.4.5

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61912

Good to know:

Date: October 10, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?