Description

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.

INFO

Published Date :

2025-04-24T18:15:53.328Z

Last Modified :

2025-04-24T19:02:45.130Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-43859 vulnerability.

Vendors Products
Redhat
  • Ansible Automation Platform
  • Openstack
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-43859.

URL Resource
https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed cve-icon cve-icon cve-icon
https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-43859 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-43859 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact