CVE-2025-50181

CVE-2025-50181

Name

CVE-2025-50181

Description

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857
CONFIRM	https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v
security-advisories@github.com	https://github.com/urllib3/urllib3/releases/tag/2.5.0

Type

URI

MISC

https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857

CONFIRM

https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v

security-advisories@github.com

https://github.com/urllib3/urllib3/releases/tag/2.5.0

CPE URI	Source package	Min version	Max version
	py3-urllib3	>= 0	< 2.5.0
`cpe:2.3:a:python:urllib3::::::::`	py3-urllib3	>= None	< 2.5.0

CPE URI

Source package

Min version

Max version

py3-urllib3

>= 0

< 2.5.0

cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*

py3-urllib3

>= None

< 2.5.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
py3-urllib3	edge-main	1.26.20-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	edge-main	1.26.18-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	edge-main	1.26.17-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	edge-main	1.26.4-r0	None	possibly vulnerable
py3-urllib3	edge-main	1.25.9-r0	None	possibly vulnerable
py3-urllib3	3.22-main	1.26.20-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	3.22-main	1.26.20-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	3.22-main	1.26.18-r0	None	possibly vulnerable
py3-urllib3	3.22-main	1.26.17-r0	None	possibly vulnerable
py3-urllib3	3.22-main	1.26.4-r0	None	possibly vulnerable
py3-urllib3	3.22-main	1.25.9-r0	None	possibly vulnerable
py3-urllib3	3.21-main	1.26.20-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	3.21-main	1.26.20-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	3.21-main	1.26.18-r0	None	possibly vulnerable
py3-urllib3	3.21-main	1.26.17-r0	None	possibly vulnerable
py3-urllib3	3.21-main	1.26.4-r0	None	possibly vulnerable
py3-urllib3	3.21-main	1.25.9-r0	None	possibly vulnerable
py3-urllib3	3.20-main	1.26.18-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	3.20-main	1.26.18-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	3.20-main	1.26.18-r0	None	possibly vulnerable
py3-urllib3	3.20-main	1.26.17-r0	None	possibly vulnerable
py3-urllib3	3.20-main	1.26.4-r0	None	possibly vulnerable
py3-urllib3	3.20-main	1.25.9-r0	None	possibly vulnerable
py3-urllib3	3.19-main	1.26.18-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
py3-urllib3	3.19-main	1.26.17-r0	None	possibly vulnerable
py3-urllib3	3.19-main	1.26.4-r0	None	possibly vulnerable
py3-urllib3	3.19-main	1.25.9-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages