Django Observable Timing Discrepancy Vulnerability - CVE-2025-13473 - Vulnerability Database

Django Observable Timing Discrepancy Vulnerability - CVE-2025-13473

Medium

Reference: CVE-2025-13473

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-13473

Title: Django Observable Timing Discrepancy Vulnerability

Overview:

An issue was discovered in 6.0 before 6.0.2 5.2 before 5.2.11 and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier unsupported Django series (such as 5.0.x 4.1.x and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.