Moderate severity · NVD Advisory · Published Oct 10, 2025 · Updated Oct 14, 2025
python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
CVE-2025-61912
Description
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
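The NUL handling described above, as an added example that is not code from python-ldap or from the advisory: a self-contained RFC 4514 value escaper that emits `\00`, a simplified model of the flawed behaviour, and a check that can be pointed at any escaper. The function names and the sample DN suffix are assumptions made for illustration.

```python
# Added example: simplified model, not python-ldap's source.
SPECIALS = '\\,+"<>;='  # characters escaped with a leading backslash


def escape_buggy_nul(value: str) -> str:
    """Models the flaw in the advisory: backslash followed by a raw NUL."""
    return value.replace("\x00", "\\\x00")


def escape_rfc4514(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")  # hex pair, never a literal NUL
        elif ch in SPECIALS or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)  # specials, leading '#'/space, trailing space
        else:
            out.append(ch)
    return "".join(out)


def nul_escape_is_safe(escape) -> bool:
    """True if `escape` encodes NUL as \\00 and leaves no raw NUL in its output."""
    out = escape("a\x00b")
    return "\x00" not in out and "\\00" in out


def build_user_dn(uid: str, base: str = "ou=people,dc=example,dc=org") -> str:
    """Build a DN from untrusted input; `base` is a constructed sample suffix."""
    return "uid=" + escape_rfc4514(uid) + "," + base


if __name__ == "__main__":
    for name, fn in (("buggy model", escape_buggy_nul), ("rfc4514", escape_rfc4514)):
        print(name, repr(fn("jdoe\x00")), "safe:", nul_escape_is_safe(fn))
    print(build_user_dn("Smith, J.\x00"))
```

With python-ldap installed, passing `ldap.dn.escape_dn_chars` to `nul_escape_is_safe` returns False for the behaviour this advisory describes in versions prior to 3.4.5.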
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| python-ldap (PyPI) | < 3.4.5 | 3.4.5 |
Affected products
osv-coords (8 versions):
- pkg:apk/chainguard/awx (no CPE), range: < 24.6.1-r18
- pkg:pypi/python-ldap (no CPE), range: < 3.4.5
- pkg:rpm/opensuse/python-ldap&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 3.4.0-150400.3.3.1
- pkg:rpm/opensuse/python-ldap&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 3.4.4-160000.3.1
- pkg:rpm/opensuse/python-ldap&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.4.5-1.1
- pkg:rpm/suse/python-ldap&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 (no CPE), range: < 3.4.0-150400.3.3.1
- pkg:rpm/suse/python-ldap&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 3.4.4-160000.3.1
- pkg:rpm/suse/python-ldap&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 3.4.4-160000.3.1

- python-ldap/python-ldap (v5), range: < 3.4.5
References
- github.com/advisories/GHSA-p34h-wq7j-h5v6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-61912 (ghsa, ADVISORY)
- github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f (ghsa, x_refsource_MISC, WEB)
- github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5 (ghsa, x_refsource_MISC, WEB)
- github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6 (ghsa, x_refsource_CONFIRM, WEB)