python-ldap up to 3.4.4 on Python ldap.filter.escape_filter_chars assertion_value special elements into a different plane (special element injection)
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.8 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in python-ldap up to 3.4.4 on Python. This affects the function ldap.filter.escape_filter_chars. Performing a manipulation of the argument assertion_value results in failure to sanitize special elements into a different plane (special element injection).
This vulnerability is identified as CVE-2025-61911. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
Details
A vulnerability classified as critical has been found in python-ldap up to 3.4.4 on Python. This affects the function ldap.filter.escape_filter_chars. The manipulation of the argument assertion_value with an unknown input leads to a failure to sanitize special elements into a different plane (special element injection) vulnerability. CWE is classifying the issue as CWE-75. The product does not adequately filter user-controlled input for special elements with control implications. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.
It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2025-61911 since 10/04/2025. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 270277 (Linux Distros Unpatched Vulnerability : CVE-2025-61911), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 3.4.5 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 3957526fb1852e84b90f423d9fef34c7af25b85a is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (270277) and CERT Bund (WID-SEC-2026-1730). Be aware that VulDB is the high quality source for vulnerability data.
Affected
- Xerox FreeFlow Print Server
Product
Type
Name
Version
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 6.9VulDB Meta Temp Score: 6.8
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 6.5
NVD Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Failure to sanitize special elements into a different plane (special element injection)CWE: CWE-75 / CWE-707 / CWE-20
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 270277
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2025-61911
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: python-ldap 3.4.5
Patch: 3957526fb1852e84b90f423d9fef34c7af25b85a
Timeline
10/04/2025 CVE reserved10/11/2025 Advisory disclosed
10/11/2025 VulDB entry created
05/31/2026 VulDB entry last update
Sources
Product: github.comAdvisory: GHSA-r7r6-cc7p-4v5m
Status: Confirmed
CVE: CVE-2025-61911 (🔒)
GCVE (CVE): GCVE-0-2025-61911
GCVE (VulDB): GCVE-100-327951
CERT Bund: WID-SEC-2026-1730 - Xerox FreeFlow Print Server: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Entry
Created: 10/11/2025 09:45Updated: 05/31/2026 07:24
Changes: 10/11/2025 09:45 (72), 10/11/2025 10:56 (1), 10/19/2025 05:33 (2), 12/05/2025 12:27 (11), 05/31/2026 07:24 (7)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.