{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-48432", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-06-11T14:59:01.028Z", "dateReserved": "2025-05-21T00:00:00.000Z", "datePublished": "2025-06-05T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Django", "vendor": "djangoproject", "versions": [{"lessThan": "4.2.23", "status": "affected", "version": "4.2", "versionType": "custom"}, {"lessThan": "5.1.11", "status": "affected", "version": "5.1", "versionType": "custom"}, {"lessThan": "5.2.3", "status": "affected", "version": "5.2", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "4.2.23"}, {"vulnerable": true, "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1", "versionEndExcluding": "5.1.11"}, {"vulnerable": true, "criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "5.2.3"}]}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-11T14:59:01.028Z"}, "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"url": "https://groups.google.com/g/django-announce"}, {"url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/"}, {"url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/06/04/5"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/10/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/10/3"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/10/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-10T18:03:40.110Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-05T13:20:12.712693Z", "id": "CVE-2025-48432", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-05T14:10:52.025Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/06/04/5"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/10/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/10/3"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/10/4"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-10T18:03:40.110Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48432", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-05T13:20:12.712693Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-05T13:20:14.635Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}}], "affected": [{"vendor": "djangoproject", "product": "Django", "versions": [{"status": "affected", "version": "4.2", "lessThan": "4.2.23", "versionType": "custom"}, {"status": "affected", "version": "5.1", "lessThan": "5.1.11", "versionType": "custom"}, {"status": "affected", "version": "5.2", "lessThan": "5.2.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"url": "https://groups.google.com/g/django-announce"}, {"url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/"}, {"url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.2.23", "versionStartIncluding": "4.2"}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.1.11", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.2.3", "versionStartIncluding": "5.2"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-11T14:59:01.028Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48432", "state": "PUBLISHED", "dateUpdated": "2025-06-11T14:59:01.028Z", "dateReserved": "2025-05-21T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-06-05T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CD30280-19CF-4E2E-88D1-AEFE9915048B", "versionEndExcluding": "4.2.23", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "1627628C-0E8F-47E7-B082-D6F36C5A4C30", "versionEndExcluding": "5.1.11", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "F42CCC03-C3E9-4EBB-9C93-D30C780DEE2A", "versionEndExcluding": "5.2.3", "versionStartIncluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Django 5.2 (anterior a la 5.2.2), 5.1 (anterior a la 5.1.10) y 4.2 (anterior a la 4.2.22). El registro interno de respuestas HTTP no escapa a request.path, lo que permite a atacantes remotos manipular la salida del registro mediante URL manipuladas. Esto puede provocar la inyecci\u00f3n o falsificaci\u00f3n de registros cuando estos se visualizan en terminales o son procesados por sistemas externos."}], "id": "CVE-2025-48432", "lastModified": "2025-10-15T17:47:56.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-05T03:15:25.563", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.djangoproject.com/en/dev/releases/security/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://groups.google.com/g/django-announce"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2025/jun/04/security-releases/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/06/04/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2025/06/10/4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-117"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "django: Django Path Injection Vulnerability", "id": "2370365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370365"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-117", "details": ["An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.", "A flaw was found in Django. The `request.path` component of HTTP requests is not properly escaped when included in internal response logging, allowing remote attackers to manipulate log output through crafted URLs. This vulnerability allows an attacker to inject arbitrary content into Django's internal log files. The consequence is potential information leakage or log file corruption."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-48432", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "aap-cloud-metrics-collector-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/ee-dellemc-openmanage-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/ansible-dev-tools-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-chatbot-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:discovery:1", "fix_state": "Fix deferred", "package_name": "discovery/discovery-server-rhel9", "product_name": "Red Hat Discovery 1"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "package_name": "python-django", "product_name": "Red Hat Satellite 6"}], "public_date": "2025-06-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-48432\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-48432\nhttp://www.openwall.com/lists/oss-security/2025/06/04/5\nhttps://docs.djangoproject.com/en/dev/releases/security/\nhttps://groups.google.com/g/django-announce\nhttps://www.djangoproject.com/weblog/2025/jun/04/security-releases/"], "statement": "The vulnerability allows for log injection via crafted URLs. While remote exploitation is possible without authentication (PR:N, UI:N), the attack requires a high degree of skill and knowledge to craft malicious URLs that will be logged. The impact is limited to confidentiality and integrity; specifically, the ability to manipulate log output. This allows an attacker to potentially forge log entries, which could be used for social engineering or to obscure malicious activity. While the impact isn't arbitrary code execution or a denial of service, the ability to manipulate logs presents a security risk, especially given that logs are often used for auditing and security monitoring. The Confidentiality impact is rated 'Low' as the information leaked is limited to the manipulated log entries themselves, not sensitive data. The Scope is changed to 'C' to reflect that the vulnerability affects only the logging component.", "threat_severity": "Moderate"}