CVE-2025-14550

EPSS 0.04%
Veröffentlicht 03.02.2026 14:38:15
Zuletzt bearbeitet 04.02.2026 17:09:58
Quelle 6a34fbeb-21d4-45e7-8e0a-62b95b
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Jiyong Yang for reporting this issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Djangoproject ≫ Django Version >= 4.2 < 4.2.28

Djangoproject ≫ Django Version >= 5.2 < 5.2.11

Djangoproject ≫ Django Version >= 6.0 < 6.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.122

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-407 Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

https://docs.djangoproject.com/en/dev/releases/security/

Patch

Vendor Advisory

https://groups.google.com/g/django-announce

Release Notes

https://www.djangoproject.com/weblog/2026/feb/03/security-releases/

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-14550

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14550

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14550

EUVD