CVE-2025-13473 | Django up to 4.2.27/5.2.10/6.0.1 check_password timing discrepancy

Inserito da Angelo Barbosa | Feb 3, 2026 | CVE

A vulnerability, which was classified as problematic, was found in Django up to 4.2.27/5.2.10/6.0.1. Affected by this issue is the function check_password of the component django.contrib.auth.handlers.modwsgi.check_password. Such manipulation leads to observable timing discrepancy.

This vulnerability is uniquely identified as CVE-2025-13473. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.

CVE-2025-13473 | Django up to 4.2.27/5.2.10/6.0.1 check_password timing discrepancy

Post correlati

CVE-2024-5349 | LA-Studio Element Kit for Elementor Plugin up to 1.3.8.1 on WordPress file inclusion

CVE-2024-11315 | TRCore DVC up to 6.3 path traversal

CVE-2024-4654 | BlueNet Technology Clinical Browsing System 1.2.1 /xds/cloudInterface.php INSTI_CODE sql injection

CVE-2024-46293 | SourceCodester Online Medicine Ordering System 1.0 access control