Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.

INFO

Published Date :

2025-07-14T20:17:18.247Z

Last Modified :

2025-07-15T19:50:40.717Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53643 vulnerability.

Vendors Products
Aiohttp
  • Aiohttp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53643.

URL Resource
https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a cve-icon cve-icon cve-icon
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-53643 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-53643 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact