CVE-2025-48383HIGH 8.2EPSS p17.3%

CVE-2025-48383CVE-2025-48383

Description

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1.

Scoring

CVSS 3.18.2 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS0.26% probability of exploitation · percentile 17.3% · 2026-06-19T12:03:05Z
Published2025-05-27
Last modified2026-04-15

Underlying weaknesses· 2

CWE-402CWE-918

References

  1. https://github.com/codingjoe/django-select2/commit/e5f41e6edba004d35f94915ff5e2559f44853412
  2. https://github.com/codingjoe/django-select2/security/advisories/GHSA-wjrh-hj83-3wh7

2

TypeTargetConfidenceTier
WeaknessTransmission of Private Resources into a New Sphere ('Resource Leak')cwe-4020%live
WeaknessServer-Side Request Forgery (SSRF)cwe-9180%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-57833
CVE
CVE-2026-46645
CVE
CVE-2025-28104
CVE
CVE-2024-11406
CVE
CVE-2026-27984
CVE
CVE-2025-13982
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.