
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-64458 is a moderate-severity denial-of-service vulnerability in the Django web framework affecting versions 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The vulnerability was discovered by Seokchan Yoon and disclosed on November 5, 2025. The issue affects Django's HTTP redirect handling on Windows systems, specifically the django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and django.shortcuts.redirect components (Django Weblog, NVD).
The vulnerability stems from slow NFKC normalization in Python on Windows systems. When a URL containing a very large number of Unicode characters is passed through Django's redirect functions, the normalization step can consume excessive CPU time. The issue has been assigned CWE-407 (Inefficient Algorithmic Complexity) and received a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).
When exploited, this vulnerability can cause denial-of-service conditions on Windows-based Django servers. An attacker can supply a URL with an excessive number of Unicode characters that, when processed by the affected redirect functions, causes significant performance degradation or service interruption (Security Online).
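The defensive idea behind the issue, shown here as an added Python example (not code from Django or from this report): bound the size of a user-controlled redirect target before any URL parsing or NFKC normalization touches it, so the expensive path is never reached for oversized input. The `MAX_REDIRECT_LEN` budget, the function names and the exception class are assumptions; the check itself is OS-independent, although the slow normalization path the CVE describes is Windows-specific.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed budget for a user-controlled redirect target (hypothetical value,
# not a Django setting). Typical "next"-style parameters are far shorter.
MAX_REDIRECT_LEN = 2048


class RedirectTargetTooLong(ValueError):
    """Raised when a redirect target exceeds the length budget."""


def safe_redirect_target(target: str, max_len: int = MAX_REDIRECT_LEN) -> str:
    """Return `target` unchanged if it is within the length budget.

    The length check runs before any parsing or normalization, so the cost of
    rejecting a hostile input is O(1) no matter how much Unicode it contains.
    Callers hand the returned value to the framework's redirect helper
    (e.g. django.shortcuts.redirect) instead of the raw request input.
    """
    if not isinstance(target, str):
        raise TypeError("redirect target must be a str")
    if len(target) > max_len:
        # Reject before the normalizer ever sees the input.
        raise RedirectTargetTooLong(
            f"redirect target has {len(target)} characters, limit is {max_len}"
        )
    # Only now is the potentially slow work acceptable. This mirrors what a
    # URL parser does to the host part; the input is already bounded.
    parts = urlsplit(target)
    unicodedata.normalize("NFKC", parts.netloc)
    return target


def is_within_budget(target: str, max_len: int = MAX_REDIRECT_LEN) -> bool:
    """Boolean convenience wrapper for use in views or middleware."""
    try:
        safe_redirect_target(target, max_len)
    except (RedirectTargetTooLong, TypeError):
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: a normal relative target and an oversized Unicode one.
    print(is_within_budget("/accounts/profile/"))          # True
    print(is_within_budget("/next/" + "\u00e9" * 5000))    # False
```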
The Django team has released patches for all affected versions. Users should upgrade to Django 5.2.8, 5.1.14, or 4.2.26, depending on the release series they run. The fixes have also been applied to Django's main branch and to the 6.0 beta (Django Weblog).
The Django Software Foundation classified this vulnerability as 'moderate' severity under its security policy. The security community has noted it as a significant issue, particularly for Windows-based Django deployments, though less severe than the SQL injection vulnerability (CVE-2025-64459) released in the same security update (Security Online).
Source: This report was generated using AI