PT-2026-1355 · Aiohttp+4

Published: 2026-01-05 · Updated: 2026-04-20 · CVE-2025-69229

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: AIOHTTP versions 3.13.2 and below

Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Handling of chunked messages in versions 3.13.2 and below can lead to excessive blocking CPU usage when receiving a large number of chunks. If an application uses the request.read() method in an endpoint, an attacker may be able to cause the server to spend a moderate amount of blocking CPU time, potentially leading to a Denial of Service (DoS) as the server may be unable to handle other requests.

Recommendations: Versions prior to 3.13.3 should be updated to version 3.13.3 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

AZL-73512
AZL-73535
BDU:2026-07328
CVE-2025-69229
ECHO-B126-93F5-659C
GHSA-G84X-MCQJ-X9QQ
OESA-2026-1682
OPENSUSE-SU-2026:10025-1
OPENSUSE-SU-2026:20204-1
SUSE-SU-2026:0858-1
SUSE-SU-2026:0859-1
SUSE-SU-2026:20425-1
USN-8032-1

Affected Products

Aiohttp
Debian
Linuxmint
Red Os
Ubuntu