CVE-2025-53643
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-53643
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-53643.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-53643
- Aliases
- Downstream
- Related
- Published
- 2025-07-14T20:17:18.247Z
- Modified
- 2025-11-28T02:33:59.073308Z
- Severity
-
- 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
- Details
-
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53643.json", "cwe_ids": [ "CWE-444" ] }- References