How to fix CVE-2025-48432?

Within 30 days: Identify affected systems running Django 5.2 and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Python affected by CVE-2025-48432?

Organizations using Django 5.2 should be aware of moderate risk from CVE-2025-48432 rated CVSS 4.0. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-48432

EUVD-2025-16951 MEDIUM

2025-06-05 [email protected]

GHSA-7xr5-9hcq-chf9

4.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 17:53 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:53 euvd

EUVD-2025-16951

CVE Published

Jun 05, 2025 - 03:15 nvd

MEDIUM 4.0

Description

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

Analysis

A security vulnerability in Django 5.2 (CVSS 4.0) that allows remote attackers. Remediation should follow standard vulnerability management procedures.

Technical Context

Vulnerability type not specified by vendor. Affects Django 5.2.

Affected Products

['Django 5.2']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +20

POC: 0

Vendor Status

Ubuntu

Priority: Low

python-django

Release	Status	Version
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
upstream	released	5.2.2,5.1.10,4.2.22
focal	released	2:2.2.12-1ubuntu0.29+esm2
jammy	released	2:3.2.12-2ubuntu1.20
noble	released	3:4.2.11-1ubuntu1.9
oracular	released	3:4.2.15-1ubuntu1.6
plucky	released	3:4.2.18-1ubuntu1.3
questing	released	3:5.2.4-1

USN-7555-1

Debian

Bug #1107282

python-django

Release	Status	Fixed Version	Urgency
bullseye	fixed	2:2.2.28-1~deb11u7	-
bullseye (security)	fixed	2:2.2.28-1~deb11u12	-
bookworm	fixed	3:3.2.25-0+deb12u1	-
bookworm (security)	fixed	3:3.2.25-0+deb12u2	-
trixie (security), trixie	fixed	3:4.2.28-0+deb13u1	-
forky, sid	fixed	3:4.2.29-1	-
(unstable)	fixed	3:4.2.23-1	-

DLA-4210-1 DSA-6136-1

CVE-2025-48432 vulnerability details – vuln.today

Back

CVE-2025-48432

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-48432

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code