MGASA-2025-0153

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2025-32873

Published: 11 May 2025, 04:42

Last modified:16 Apr 2026, 04:21

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 May 2025, 04:42

Published

Vulnerability first disclosed

16 Apr 2026, 04:21

Last Modified

Vulnerability information updated

Description

Updated python-django packages fix security vulnerability An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). (CVE-2025-32873)

Affected Systems

mageia•python-django
< 4.1.13-1.4.mga9

References (3)

https://advisories.mageia.org/MGASA-2025-0153.html
https://bugs.mageia.org/show_bug.cgi?id=34259
https://ubuntu.com/security/notices/USN-7501-1