PT-2026-1354 · Aiohttp+4

Published: 2026-01-05 · Updated: 2026-04-20 · CVE-2025-69228

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below

Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below are susceptible to a denial of service condition. An attacker can craft a request that causes an AIOHTTP server to experience uncontrolled memory consumption during processing. Specifically, if an application uses the Request.post() method within a handler, an attacker may be able to freeze the server by exhausting its memory.

Recommendations: Update AIOHTTP to version 3.13.3 or later.
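
A check for the recommendation above, as an added example (not part of the advisory and not aiohttp project code): it flags exact aiohttp pins at or below 3.13.2 in requirements-style text and reports whether the installed package is affected. The function names and the sample requirements text are constructed; treating a pre-release of 3.13.3 as affected is a conservative assumption.

```python
import re
from importlib import metadata

FIXED = (3, 13, 3)  # first fixed release named in the advisory
# Exact pins only ("aiohttp==X", optional extras); ranges are out of scope here.
PIN = re.compile(r"^\s*aiohttp(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)", re.I)
PRE = re.compile(r"[-_.]?(a|b|rc|dev)", re.I)  # pre-release / dev markers

def is_affected(version):
    """True for releases below 3.13.3 and (assumption) pre-releases of 3.13.3."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)(.*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = [int(p) for p in m.group(1).split(".")]
    release = tuple(release + [0] * (3 - len(release)))  # "3.14" -> (3, 14, 0)
    if release == FIXED:
        return PRE.match(m.group(2)) is not None
    return release < FIXED

def audit_requirements(text):
    """Return (line_number, version) for each affected exact aiohttp pin."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if m and is_affected(m.group(1)):
            findings.append((no, m.group(1)))
    return findings

def installed_status():
    """Return (version, affected) for the installed aiohttp, or None if absent."""
    try:
        version = metadata.version("aiohttp")
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)

# Constructed sample requirements file, not taken from any real project.
SAMPLE = """\
# web service dependencies
aiohttp==3.13.2
aiohttp[speedups]==3.13.3
requests==2.32.0
AIOHTTP == 3.9.5 ; python_version >= "3.9"
"""

if __name__ == "__main__":
    for no, version in audit_requirements(SAMPLE):
        print(f"line {no}: aiohttp {version} is affected, update to 3.13.3 or later")
    print("installed:", installed_status())
```
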

Exploit

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

AZL-73509
AZL-73532
BDU:2026-07270
CVE-2025-69228
ECHO-EC36-3803-B3EB
GHSA-6JHG-HG63-JVVF
OESA-2026-1682
OPENSUSE-SU-2026:10025-1
OPENSUSE-SU-2026:20204-1
SUSE-SU-2026:0858-1
SUSE-SU-2026:0859-1
SUSE-SU-2026:20425-1
USN-8032-1

Affected Products

Aiohttp
Debian
Linuxmint
Red Os
Ubuntu