vulnerability

Ubuntu: USN-7903-1 (CVE-2025-64460): Django vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Dec 2, 2025	Dec 3, 2025	Dec 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Dec 2, 2025

Added

Dec 3, 2025

Modified

Dec 5, 2025

Description

It was discovered that Django incorrectly handled certain characters in the
FilteredRelation object. An attacker could possibly use this issue to
execute arbitrary SQL commands. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10.
(CVE-2025-13372)

Seokchan Yoon discovered that Django inefficiently handled deserialization
of XML objects. An attacker could possibly use this issue to cause Django
to use excessive resources, causing a denial of service. (CVE-2025-64460)

Solutions

ubuntu-pro-upgrade-python-djangoubuntu-pro-upgrade-python3-django

References

CVE-2025-64460
https://attackerkb.com/topics/CVE-2025-64460
CWE-407
UBUNTU-USN-7903-1
URL-https://ubuntu.com/security/notices/USN-7903-1
URL-https://www.cve.org/CVERecord?id=CVE-2025-64460

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today