DEBIAN-CVE-2025-6069

DEBIAN-CVE-2025-6069 PUBLISHED CVSS 4.300000190734863 MEDIUM

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian:12	jython	2.7.3+repack1, 0, 0
Debian:11	python3.9	*, 3.9.2-1+deb11u2, 3.9.2-1+deb11u1
Debian:14	jython	2.7.3+repack1, 2.7.3+repack1-1, 0
Debian:14	python3.13	3.13.5-2, 0, 3.13.5-2
Debian:12	pypy3	7.3.14+dfsg, 7.3.13+dfsg, 7.3.12
Debian:11	jython	0, *, 2.7.3+repack1-1
Debian:14	pypy3	7.3.20+dfsg, 0, 7.3.19+dfsg-2
Debian:11	python2.7	2.7.18-8, 2.7.18-10, 2.7.18-11
Debian:13	pypy3	7.3.21+dfsg, 7.3.22+dfsg, 7.3.21+dfsg
Debian:13	python3.13	3.13.5-2, 3.13.6-1, 3.13.8-1
Debian:13	jython	2.7.3+repack1, 2.7.3+repack1-1, 0
Debian:12	python3.11	3.11.8-3, 3.11.8-1.1~exp2, 3.11.3-1
Debian:11	pypy3	7.3.5+dfsg-2+deb11u1, 0, 7.3.5+dfsg-2+deb11u2

Exploit Intelligence

ci.py (github-poc)
ci.py (github-poc)

Timeline

Jun 17, 2025 CVE Published
May 16, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-6069 advisory

Open in Interactive Console →