How severe is CVE-2025-69228?

CVE-2025-69228 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-69228

Name: aiohttp
Author: aiohttp

7.5HIGH

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrol

Опубликовано: 1/6/2026Обновлено: 1/14/2026

Описание

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post() method, an attacker may be able to freeze the server by exhausting the memory. This issue is fixed in version 3.13.3.

ИИ-АнализНа базе ИИ

Затронутые продукты

aiohttpaiohttp

Ссылки

https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
Patch
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
Vendor AdvisoryPatch