In Django versions 5.2 before 5.2.2, 5.1 before 5.1.10 and 4.2 before 4.2.22 a medium severity vulnerability CVE-2025-48432 was detected. This vulnerability allows remote attackers to manipulate internal HTTP response logs via crafted URLs, potentially leading to log injection or forgery when logs are viewed in terminals or processed by external systems. To address this issue, users should upgrade Django to versions 5.2.2, 5.1.10 or 4.2.22. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48432.
Django: Log Injection via Unescaped request.path in HTTP Response Logging
by the Hossted team
05.06.2025
05.06.2025