Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
DLA-4324-1 | python-django security update |
![]() |
EUVD-2025-32049 | Django vulnerable to partial directory traversal via archives |
![]() |
GHSA-q95w-c7qg-hrff | Django vulnerable to partial directory traversal via archives |
![]() |
USN-7794-1 | Django vulnerabilities |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 22 Oct 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* |
Fri, 03 Oct 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | django: Potential partial directory-traversal via archive.extract() | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 02 Oct 2025 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Djangoproject
Djangoproject django |
|
Vendors & Products |
Djangoproject
Djangoproject django |
Wed, 01 Oct 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 01 Oct 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. | |
Weaknesses | CWE-23 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-10-01T19:10:39.951Z
Reserved: 2025-09-18T00:00:00.000Z
Link: CVE-2025-59682

Updated: 2025-10-01T19:10:32.149Z

Status : Analyzed
Published: 2025-10-01T19:15:37.007
Modified: 2025-10-22T15:58:29.237
Link: CVE-2025-59682


Updated: 2025-10-02T08:45:49Z