DEBIAN-CVE-2025-50181

DEBIAN-CVE-2025-50181 PUBLISHED CVSS 6.099999904632568 MEDIUM

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:11	python-urllib3	0, 1.26.5-1~exp1, 1.26.5-1~exp1+deb11u1
Debian:13	python-urllib3	0, 0
Debian:14	python-urllib3	0, 0
Debian:12	python-urllib3	1.26.12-1+deb12u1, 0, 0

Exploit Intelligence

sarif.json (github-poc)

Timeline

Jun 19, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-50181 advisory

Open in Interactive Console →