CVE-2025-61911
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-61911
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-61911.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-61911
- Aliases
- Downstream
- Related
- Published
- 2025-10-10T22:02:15Z
- Modified
- 2025-10-20T20:33:37.387121Z
- Severity
-
- 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
- Details
-
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method
ldap.filter.escape_filter_charscan be tricked to skip escaping of special characters when a craftedlistordictis supplied as theassertion_valueparameter, and the non-defaultescape_mode=1is configured. The methodldap.filter.escape_filter_charssupports 3 different escaping modes.escape_mode=0(default) andescape_mode=2happen to raise exceptions when alistordictobject is supplied as theassertion_valueparameter. However,escape_mode=1computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in thepython-ldaplibrary to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of theldap.filter.escape_filter_charsmethod to raise an exception when the suppliedassertion_valueparameter is not of typestr. - Database specific
{ "cwe_ids": [ "CWE-75", "CWE-843" ] }- References
Affected packages
Git / github.com/python-ldap/python-ldap
Affected ranges
- Type
- GIT
- Repo
- https://github.com/python-ldap/python-ldap
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed