Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-64460
Good to know:
Date: December 2, 2025
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in "django.core.serializers.xml_serializer.getInnerText()" allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML "Deserializer". Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
Severity Score
Related Resources (12)
Severity Score
Weakness Type (CWE)
Inefficient Algorithmic Complexity
CWE-407Top Fix
Upgrade Version
Upgrade to version django - 4.2.27;django - 5.1.15;django - 5.2.9;django - 5.2.9;django - 5.1.15;django - 4.2.27;django - 4.2.27;django - 5.1.15;django - 5.2.9;https://github.com/django/django.git - 4.2.27;https://github.com/django/django.git - 5.1.15;https://github.com/django/django.git - 5.2.9
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |