CVE-2025-50181

Aliases:GHSA-pq67-6m6q-mj2v

Advisory lineage Upstream: 0 Downstream: 13

Downstream

DEBIAN-CVE-2025-50181 MGASA-2025-0281 OPENSUSE-SU-2025:15283-1 OPENSUSE-SU-2025:15284-1 OPENSUSE-SU-2026:10539-1 SUSE-SU-2025:02735-1

Modified

Published: 19 Jun 2025, 01:08

Last modified:22 Dec 2025, 18:44

Vulnerability Summary

Overall Risk (default)

medium

34/100

CVSS Score

6.1 MEDIUM

v3.1 (nvd)

EPSS Score

0.08% LOW

0% probability +0.06%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

19 Jun 2025, 01:08

Published

Vulnerability first disclosed

22 Dec 2025, 18:44

Last Modified

Vulnerability information updated

Description

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

CVSS Metrics

v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
v3.1•MEDIUM•Score: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Trends

Current EPSS score: 0.08%• Percentile: 23%

Techniques & Countermeasures

CWE-601•URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Affected Systems

PyPI•urllib3
< 2.5.0
python•urllib3
< 2.5.0
urllib3•urllib3
< 2.5.0