Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.

INFO

Published Date :

2026-01-05T22:00:17.715Z

Last Modified :

2026-01-06T19:04:01.249Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69223 vulnerability.

Vendors Products
Aio-libs
  • Aiohttp Session
Aio-libs Project
  • Aiohttp
Aiohttp
  • Aio-libs
  • Aiohttp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69223.

URL Resource
https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a cve-icon cve-icon cve-icon
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-69223 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-69223 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact