CVE-2025-32873: 
Django vulnerability analysis and mitigation

A denial-of-service vulnerability (CVE-2025-32873) was discovered in Django's striptags() function. The vulnerability affects Django versions 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The issue was disclosed on May 7, 2025, and involves the django.utils.html.striptags() function and the striptags template filter being vulnerable to potential denial-of-service through slow performance when processing inputs containing large sequences of incomplete HTML tags (Django Weblog).

The vulnerability exists in the django.utils.html.striptags() function, which experiences performance degradation when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also affected as it is built on top of striptags(). The issue has been assigned a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD).

When exploited, this vulnerability can lead to service degradation or unresponsiveness in Django applications that use the strip_tags() function or the striptags template filter. The severity is rated as 'moderate' according to Django's security policy, primarily affecting the availability aspect of the system without compromising confidentiality or integrity (Django Weblog).

The issue has been fixed in Django versions 5.2.1, 5.1.9, and 4.2.21. The patch implements a security measure where django.utils.html.strip_tags() now raises a SuspiciousOperation exception when encountering an unusually large number of unclosed opening tags. Users are strongly encouraged to upgrade to these patched versions. The fixes are available in the main, 5.2, 5.1, and 4.2 branches of Django (Django Weblog).