CVE-2025-69225

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below

Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue in its parser logic. The parser allows non-ASCII decimals to be present in the Range header. This could potentially lead to a request smuggling vulnerability, although there is no known impact at this time.

Recommendations Update to version 3.13.3 or later.

Exploit

Fix

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-444

Related Identifiers

AZL-73500

AZL-73523

BDU:2026-07209

CVE-2025-69225

ECHO-F48E-4A57-79F6

GHSA-MQQC-3GQH-H2X8

OESA-2026-1682

OPENSUSE-SU-2026:10025-1

OPENSUSE-SU-2026:20204-1

SUSE-SU-2026:0858-1

SUSE-SU-2026:0859-1

SUSE-SU-2026:20425-1

USN-8032-1

Affected Products

Aiohttp

Debian

Linuxmint

Red Os

Ubuntu

CVE-2025-69225

Weakness Enumeration

Related Identifiers

Affected Products

References · 61