CVE-2025-69229
- Source
- https://cve.org/CVERecord?id=CVE-2025-69229
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-69229.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-69229
- Aliases
- Downstream
- Related
- Published
- 2026-01-05T23:37:52.955Z
- Modified
- 2026-06-18T03:56:14.702086067Z
- Severity
-
- 6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- AIOHTTP vulnerable to DoS through chunked messages
- Details
-
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/69xxx/CVE-2025-69229.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-770" ] }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/69xxx/CVE-2025-69229.json
- https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
- https://nvd.nist.gov/vuln/detail/CVE-2025-69229
- https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
- https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
Affected packages
Git / github.com/aio-libs/aiohttp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/aio-libs/aiohttp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "fixed": "3.13.3" } ], "cpe": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*", "source": [ "CPE_RANGE", "REFERENCES" ] }
Affected versions
0.*
0.15.2
0.8.2
1.*
1.3.0
2.*
2.0.0
2.0.0rc1
4v0.*
4v0.21.6
v.*
v.0.6.5
v0.*
v0.1
v0.10.0
v0.10.1
v0.11.0
v0.12.0
v0.13.0
v0.13.1
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.17.0
v0.18.0
v0.19.0
v0.2
v0.20.0
v0.20.1
v0.21.0
v0.22.0
v0.22.0b0
v0.22.0b1
v0.22.0b2
v0.22.0b3
v0.22.0b4
v0.22.0b5
v0.22.0b6
v0.22.1
v0.3
v0.4
v0.4.1
v0.4.2
v0.5.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.1
v0.8.3
v0.8.4
v0.9.0
v0.9.1
v0.9.2
v1.*
v1.0.0
v1.0.1
v1.1.0
v1.1.1
v1.2.0
v2.*
v2.1.0
v2.2.0
v2.3.0
v2.3.0a1
v2.3.0a2
v2.3.0a3
v2.3.0a4
v3.*
v3.0.0b0
v3.0.0b1
v3.0.0b2
v3.0.0b3
v3.0.0b4
v3.1.0
v3.10.0
v3.10.0b0
v3.10.0b1
v3.10.0rc0
v3.11.0
v3.11.0b0
v3.11.0b1
v3.11.0b2
v3.11.0b3
v3.11.0b4
v3.11.0b5
v3.11.0rc0
v3.11.0rc1
v3.11.0rc2
v3.12.0
v3.12.0b0
v3.12.0b1
v3.12.0b2
v3.12.0b3
v3.12.0rc0
v3.12.0rc1
v3.13.0
v3.13.1
v3.13.2
v3.2.0
v3.4.0
v3.4.0a0
v3.4.0a3
v3.4.0b1
v3.4.0b2
v3.5.0
v3.5.0a1
v3.5.0b1
v3.5.0b2
v3.5.0b3
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.6.0
v3.6.0a0
v3.6.0a1
v3.6.0a10
v3.6.0a11
v3.6.0a12
v3.6.0a2
v3.6.0a3
v3.6.0a4
v3.6.0a5
v3.6.0a6
v3.6.0a7
v3.6.0a8
v3.6.0a9
v3.6.0b0
v3.6.1
v3.6.1b3
v3.6.1b4
v3.6.2
v3.6.2a1
v3.6.2a2
v3.7.0
v3.7.0b0
v3.7.0b1
v3.7.1
v3.8.0
v3.9.0
v3.9.0b0
v3.9.0b1
v3.9.0rc0