CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-59682

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.0%

CVSS Severity

CVSS v3 Score 3.1

References

Products affected by CVE-2025-59682

Djangoproject » Django » Version: 4.2.0

cpe:2.3:a:djangoproject:django:4.2.0
Djangoproject » Django » Version: 4.2.1

cpe:2.3:a:djangoproject:django:4.2.1
Djangoproject » Django » Version: 4.2.10

cpe:2.3:a:djangoproject:django:4.2.10
Djangoproject » Django » Version: 4.2.11

cpe:2.3:a:djangoproject:django:4.2.11
Djangoproject » Django » Version: 4.2.12

cpe:2.3:a:djangoproject:django:4.2.12
Djangoproject » Django » Version: 4.2.13

cpe:2.3:a:djangoproject:django:4.2.13
Djangoproject » Django » Version: 4.2.14

cpe:2.3:a:djangoproject:django:4.2.14
Djangoproject » Django » Version: 4.2.15

cpe:2.3:a:djangoproject:django:4.2.15
Djangoproject » Django » Version: 4.2.16

cpe:2.3:a:djangoproject:django:4.2.16
Djangoproject » Django » Version: 4.2.17

cpe:2.3:a:djangoproject:django:4.2.17
Djangoproject » Django » Version: 4.2.18

cpe:2.3:a:djangoproject:django:4.2.18
Djangoproject » Django » Version: 4.2.19

cpe:2.3:a:djangoproject:django:4.2.19
Djangoproject » Django » Version: 4.2.2

cpe:2.3:a:djangoproject:django:4.2.2
Djangoproject » Django » Version: 4.2.20

cpe:2.3:a:djangoproject:django:4.2.20
Djangoproject » Django » Version: 4.2.21

cpe:2.3:a:djangoproject:django:4.2.21
Djangoproject » Django » Version: 4.2.22

cpe:2.3:a:djangoproject:django:4.2.22
Djangoproject » Django » Version: 4.2.23

cpe:2.3:a:djangoproject:django:4.2.23
Djangoproject » Django » Version: 4.2.24

cpe:2.3:a:djangoproject:django:4.2.24
Djangoproject » Django » Version: 4.2.3

cpe:2.3:a:djangoproject:django:4.2.3
Djangoproject » Django » Version: 4.2.4

cpe:2.3:a:djangoproject:django:4.2.4
Djangoproject » Django » Version: 4.2.5

cpe:2.3:a:djangoproject:django:4.2.5
Djangoproject » Django » Version: 4.2.6

cpe:2.3:a:djangoproject:django:4.2.6
Djangoproject » Django » Version: 4.2.7

cpe:2.3:a:djangoproject:django:4.2.7
Djangoproject » Django » Version: 4.2.8

cpe:2.3:a:djangoproject:django:4.2.8
Djangoproject » Django » Version: 4.2.9

cpe:2.3:a:djangoproject:django:4.2.9
Djangoproject » Django » Version: 5.1

cpe:2.3:a:djangoproject:django:5.1
Djangoproject » Django » Version: 5.1.1

cpe:2.3:a:djangoproject:django:5.1.1
Djangoproject » Django » Version: 5.1.10

cpe:2.3:a:djangoproject:django:5.1.10
Djangoproject » Django » Version: 5.1.11

cpe:2.3:a:djangoproject:django:5.1.11
Djangoproject » Django » Version: 5.1.12

cpe:2.3:a:djangoproject:django:5.1.12
Djangoproject » Django » Version: 5.1.2

cpe:2.3:a:djangoproject:django:5.1.2
Djangoproject » Django » Version: 5.1.3

cpe:2.3:a:djangoproject:django:5.1.3
Djangoproject » Django » Version: 5.1.4

cpe:2.3:a:djangoproject:django:5.1.4
Djangoproject » Django » Version: 5.1.5

cpe:2.3:a:djangoproject:django:5.1.5
Djangoproject » Django » Version: 5.1.6

cpe:2.3:a:djangoproject:django:5.1.6
Djangoproject » Django » Version: 5.1.7

cpe:2.3:a:djangoproject:django:5.1.7
Djangoproject » Django » Version: 5.1.8

cpe:2.3:a:djangoproject:django:5.1.8
Djangoproject » Django » Version: 5.1.9

cpe:2.3:a:djangoproject:django:5.1.9
Djangoproject » Django » Version: 5.2

cpe:2.3:a:djangoproject:django:5.2
Djangoproject » Django » Version: 5.2.1

cpe:2.3:a:djangoproject:django:5.2.1
Djangoproject » Django » Version: 5.2.2

cpe:2.3:a:djangoproject:django:5.2.2
Djangoproject » Django » Version: 5.2.3

cpe:2.3:a:djangoproject:django:5.2.3
Djangoproject » Django » Version: 5.2.4

cpe:2.3:a:djangoproject:django:5.2.4
Djangoproject » Django » Version: 5.2.5

cpe:2.3:a:djangoproject:django:5.2.5
Djangoproject » Django » Version: 5.2.6

cpe:2.3:a:djangoproject:django:5.2.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-59682

Products

Pricing

Contact Us