
CVE-2025-64458 is a moderate-severity denial-of-service vulnerability discovered in Django affecting versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The vulnerability was disclosed on November 5, 2025, and was discovered by Seokchan Yoon. The issue affects Django's HTTP redirect functionality, specifically the django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and django.shortcuts.redirect components when running on Windows systems (Django Security).
The vulnerability stems from slow NFKC normalization in Python when running on Windows systems. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD). The vulnerability is classified under CWE-407 (Inefficient Algorithmic Complexity) and affects the HTTP response redirect functionality in Django (Security Online).
When exploited, the vulnerability can lead to a denial-of-service condition specifically on Windows-based Django deployments. The attack can be triggered by sending requests containing inputs with a very large number of Unicode characters, causing the NFKC normalization process to consume excessive system resources (GBHackers).
The Django Software Foundation has released patches for all affected versions. Users should upgrade to Django versions 5.2.8, 5.1.14, or 4.2.26 based on their current deployment version. The patches have been applied to Django's main branch, 6.0 (beta), 5.2, 5.1, and 4.2 branches (Django Security).
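As an added example (not Django's own code or its actual patch), the following guard shows the shape of a stopgap a Django application can place in front of its own redirect construction: the length check runs before urlsplit(), so oversized inputs never reach the NFKC normalization step the advisory describes. The 2048-character cap, the allowed-scheme set and the function names are assumptions, and the sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Assumed cap (the common 2048-character URL limit); the advisory gives no number.
MAX_REDIRECT_LENGTH = 2048
# Schemes a redirect target may carry; a relative path (no scheme) is also fine.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})


class DisallowedRedirect(ValueError):
    """Raised when a redirect target fails the guard."""


def check_redirect_target(redirect_to: str) -> str:
    """Return redirect_to unchanged if it passes the guard, else raise.

    The length check runs *before* urlsplit(): urlsplit() applies NFKC
    normalization to any non-ASCII host part, and that normalization is the
    step the advisory identifies as slow on Windows for very long inputs.
    """
    if len(redirect_to) > MAX_REDIRECT_LENGTH:
        raise DisallowedRedirect(
            f"redirect target is {len(redirect_to)} characters, "
            f"limit is {MAX_REDIRECT_LENGTH}"
        )
    try:
        parsed = urlsplit(redirect_to)
    except ValueError as exc:  # malformed host part, e.g. NFKC maps a char to a delimiter
        raise DisallowedRedirect(f"unparseable redirect target: {exc}") from exc
    if parsed.scheme and parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise DisallowedRedirect(f"scheme {parsed.scheme!r} is not allowed for redirects")
    return redirect_to


def redirect_target_allowed(redirect_to: str) -> bool:
    """Boolean form of the guard, for use in a view or middleware."""
    try:
        check_redirect_target(redirect_to)
    except DisallowedRedirect:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: an ordinary relative target, a non-ASCII host of
    # the size class the advisory describes, and a target with a non-HTTP scheme.
    samples = [
        "/accounts/profile/",
        "https://" + "\u00e9" * 5000 + ".example",
        "mailto:admin@example.com",
    ]
    for s in samples:
        print(len(s), redirect_target_allowed(s))
```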
Source: This report was generated using AI