PT-2026-1348 · Aiohttp+4

Published: 2026-01-05 · Updated: 2026-04-20 · CVE-2025-69223

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

AIOHTTP versions 3.13.2 and below

Description

AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service (DoS) attack. An attacker can send a compressed request, specifically a zip bomb, which exhausts the host's memory when AIOHTTP decompresses it. This could lead to service disruption.

Recommendations

Update AIOHTTP to version 3.13.3 or later.
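
The weakness described above is decompression with no limit on the output size. The following is an added example, not AIOHTTP's code and not its patch: a bounded streaming inflate built on the standard-library `zlib` module that stops as soon as the output passes a cap. The names `bounded_inflate` and `DecompressedSizeExceeded` and the 1 MiB cap are assumptions chosen for illustration.

```python
import zlib


class DecompressedSizeExceeded(Exception):
    """Raised when a compressed body inflates past the configured cap."""


def bounded_inflate(chunks, max_out, wbits=zlib.MAX_WBITS | 32):
    """Inflate an iterable of compressed byte chunks, producing at most max_out bytes.

    wbits=MAX_WBITS|32 lets zlib auto-detect a zlib or gzip header.
    """
    inflater = zlib.decompressobj(wbits)
    out = bytearray()
    for chunk in chunks:
        data = chunk
        while data:
            # Ask for one byte more than the remaining budget: receiving it
            # proves the cap is exceeded without inflating the rest.
            out += inflater.decompress(data, max_out - len(out) + 1)
            if len(out) > max_out:
                raise DecompressedSizeExceeded(f"body exceeds {max_out} bytes")
            # Input zlib did not consume because the output limit was hit.
            data = inflater.unconsumed_tail
    out += inflater.flush()
    if len(out) > max_out:
        raise DecompressedSizeExceeded(f"body exceeds {max_out} bytes")
    return bytes(out)


def demo():
    cap = 1024 * 1024  # assumed 1 MiB policy limit
    # Constructed samples: a small legitimate body and a highly compressible one.
    normal = zlib.compress(b'{"user": "alice"}')
    oversized = zlib.compress(b"\0" * (20 * cap))
    results = {"normal": bounded_inflate([normal], cap)}
    try:
        # Feed in 4 KiB pieces, as a server reading from a socket would.
        pieces = [oversized[i:i + 4096] for i in range(0, len(oversized), 4096)]
        bounded_inflate(pieces, cap)
        results["oversized"] = "accepted"
    except DecompressedSizeExceeded:
        results["oversized"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

A cap on the compressed request size alone does not give this guarantee, because the limit has to apply to the inflated output.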

Exploit

Fix

DoS

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

AZL-73494
AZL-73517
BDU:2026-07337
CVE-2025-69223
ECHO-CEBA-EB70-4DA5
GHSA-6MQ8-RVHQ-8WGG
OPENSUSE-SU-2026:10025-1
OPENSUSE-SU-2026:20204-1
RHSA-2026:1249
RHSA-2026:1497
RHSA-2026:1506
RHSA-2026:3958
RHSA-2026:3959
SUSE-SU-2026:0858-1
SUSE-SU-2026:0859-1
SUSE-SU-2026:20425-1
USN-8032-1

Affected Products

Aiohttp
Debian
Linuxmint
Red Os
Ubuntu