VYPR
Low severityNVD Advisory· Published Oct 1, 2025· Updated Nov 4, 2025

CVE-2025-59682

CVE-2025-59682

Description

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
djangoPyPI
>= 4.2, < 4.2.254.2.25
djangoPyPI
>= 5.1, < 5.1.135.1.13
djangoPyPI
>= 5.2, < 5.2.75.2.7

Affected products

11

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.