{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-50181"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373799"}, {"url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"}, {"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-19T01:08:00Z", "x_subShortName": "redhat_10"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python-s3transfer", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-gcp", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap-hana", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "resource-agents-sap-hana-scaleout", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "sap-cluster-connector", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations. \n            A flaw was found in the urllib3 library where it could be tricked into disclosing the Proxy-Authorization header to a destination server when a CONNECT tunnel is used. An attacker can set up a malicious redirect to a crafted URL, which, when followed by the client application, will cause the Proxy-Authorization header to be sent to the attacker-controlled server. This leaks sensitive credentials for the proxy. The impact is primarily on confidentiality. While urllib3 is a ubiquitous component, the vulnerability requires a specific scenario where a user is connecting to a proxy that requires authentication and is redirected to a malicious endpoint. This lowers the exploitability compared to a direct, unauthenticated remote attack, thus, warranting a Moderate severity rating.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-19T01:08:00Z", "x_subShortName": "redhat_7"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "fence-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-all", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-amt-ws", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aws", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-azure-arm", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-bladecenter", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-brocade", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-mds", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-ucs", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-common", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-compute", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-drac5", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eaton-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-emerson", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eps", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-gce", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-heuristics-ping", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-hpblade", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-powervs", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-vpc", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibmblade", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ifmib", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-moonshot", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-mp", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-ssh", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo2", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-intelmodular", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipdu", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipmilan", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kdump", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kubevirt", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-lpar", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-mpath", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-openstack", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-redfish", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rhevm", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsa", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsb", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-sbd", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-scsi", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-virsh", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-rest", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-soap", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-wti", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-zvm", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "platform-python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.11-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.11-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.12-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.12-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python38-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python38-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python39-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python39-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "python3x-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations. \n            A flaw was found in the urllib3 library where it could be tricked into disclosing the Proxy-Authorization header to a destination server when a CONNECT tunnel is used. An attacker can set up a malicious redirect to a crafted URL, which, when followed by the client application, will cause the Proxy-Authorization header to be sent to the attacker-controlled server. This leaks sensitive credentials for the proxy. The impact is primarily on confidentiality. While urllib3 is a ubiquitous component, the vulnerability requires a specific scenario where a user is connecting to a proxy that requires authentication and is redirected to a malicious endpoint. This lowers the exploitability compared to a direct, unauthenticated remote attack, thus, warranting a Moderate severity rating.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2025-50181."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-19T01:08:00Z", "x_subShortName": "redhat_8"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "fence-agents", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aliyun", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-all", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-amt-ws", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-apc-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-aws", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-azure-arm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-bladecenter", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-brocade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-mds", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-cisco-ucs", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-common", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-compute", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-drac5", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eaton-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-emerson", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-eps", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-gce", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-heuristics-ping", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-hpblade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-powervs", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibm-vpc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ibmblade", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ifmib", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-moonshot", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-mp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo-ssh", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ilo2", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-intelmodular", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipdu", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-ipmilan", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kdump", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-kubevirt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-lpar", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-mpath", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-openstack", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-redfish", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rhevm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsa", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-rsb", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-sbd", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-scsi", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-virsh", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-rest", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-vmware-soap", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-wti", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-agents-zvm", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-cpg", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-libvirt", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-multicast", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-serial", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "fence-virtd-tcp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "ha-cloud-support", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.11-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.11-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.12-pip", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "python3.12-pip-wheel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "rhel9-6-els/rhel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9-6-els/rhel-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9-eus/rhel-9.6-bootc", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9-eus/rhel-9.6-bootc-image-builder", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/buildah", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/cups", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/fdo-manufacturing-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/fdo-owner-onboarding-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/fdo-rendezvous-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/fdo-serviceinfo-api-server", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/gcc-toolset-13-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/gcc-toolset-14-toolchain", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/go-toolset", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/grafana", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/httpd-24", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/keylime-registrar", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/keylime-verifier", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/mariadb-1011", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/mariadb-105", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/memcached", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/mysql-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/mysql-84", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/net-snmp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nginx-120", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nginx-122", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nginx-124", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nginx-126", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-18", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-18-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-20", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-20-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-22", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/nodejs-22-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/pcp", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/perl-532", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/php-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/php-81", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/php-82", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/php-83", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/podman", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/postgresql-13", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/postgresql-15", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/postgresql-16", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/python-311", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/python-312", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/python-312-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/python-39", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/realtime-tests", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/redis-6", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/redis-7", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/rsyslog", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/rteval", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/rtla", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/ruby-30", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/ruby-31", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/ruby-33", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/s2i-base", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/s2i-core", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/skopeo", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/squid", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/support-tools", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/tang", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/toolbox", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "rhel9/varnish-6", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9-init", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9-micro", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/buildah", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/go-toolset", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/httpd-24", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nginx-120", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nginx-122", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nginx-124", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nginx-126", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-18", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-18-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-20", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-20-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-22", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/nodejs-22-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/perl-532", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/php-80", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/php-81", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/php-82", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/php-83", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/podman", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/python-311", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/python-312", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/python-312-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/python-39", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ruby-30", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ruby-31", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ruby-33", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/s2i-base", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/s2i-core", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/skopeo", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/toolbox", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ubi", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ubi-init", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ubi-micro", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "ubi9/ubi-minimal", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations. \n            A flaw was found in the urllib3 library where it could be tricked into disclosing the Proxy-Authorization header to a destination server when a CONNECT tunnel is used. An attacker can set up a malicious redirect to a crafted URL, which, when followed by the client application, will cause the Proxy-Authorization header to be sent to the attacker-controlled server. This leaks sensitive credentials for the proxy. The impact is primarily on confidentiality. While urllib3 is a ubiquitous component, the vulnerability requires a specific scenario where a user is connecting to a proxy that requires authentication and is redirected to a malicious endpoint. This lowers the exploitability compared to a direct, unauthenticated remote attack, thus, warranting a Moderate severity rating.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, {"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2025-50181."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-06-19T01:08:00Z", "x_subShortName": "redhat_9"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.22-1ubuntu0.18.04.2+esm3", "versionType": "custom"}], "platforms": ["bionic"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.22-1ubuntu0.18.04.2+esm3", "versionType": "custom"}], "platforms": ["bionic"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.25.8-2ubuntu0.4+esm1", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "0:22.0.2+dfsg-1ubuntu0.6", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip-whl", "versions": [{"status": "affected", "version": "0", "lessThan": "0:22.0.2+dfsg-1ubuntu0.6", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.26.5-1~exp1ubuntu0.3", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "0:24.0+dfsg-1ubuntu1.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-pip-whl", "versions": [{"status": "affected", "version": "0", "lessThan": "0:24.0+dfsg-1ubuntu1.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.0.7-1ubuntu0.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.13.1-2ubuntu0.16.04.4+esm3", "versionType": "custom"}], "platforms": ["xenial"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.13.1-2ubuntu0.16.04.4+esm3", "versionType": "custom"}], "platforms": ["xenial"], "defaultStatus": "unaffected"}, {"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "https://ubuntu.com/security/CVE-2025-50181"}, {"url": "https://ubuntu.com/security/notices/USN-7599-1"}, {"url": "https://ubuntu.com/security/notices/USN-7599-2"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "not defined"}, {"lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0,it is possible to disable redirects for all requests by instantiating aPoolManager and specifying retries in a way that disable redirects. Bydefault, requests and botocore users are not affected. An applicationattempting to mitigate SSRF or open redirect vulnerabilities by disablingredirects at the PoolManager level will remain vulnerable. This issue hasbeen patched in version 2.5.0."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-06-19T01:15:00Z", "x_subShortName": "canonical"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.26.12-1+deb12u2", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.26.5-1~exp1+deb11u2", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.0-3", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2025-12-26T00:00:00.000Z", "x_subShortName": "debian"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"unspecified\"}"}}}], "affected": [{"vendor": "fedora", "product": "pypy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:7.3.20-2.fc41", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:41"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "python-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "0:24.2-3.fc41", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:41"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "pypy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:7.3.20-2.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "python-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "0:24.3.1-5.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "pypy", "versions": [{"status": "affected", "version": "0", "lessThan": "0:7.3.20-2.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "python-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "0:25.1.1-18.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-6d50efcd0c"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-870a69fa85"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-9285942ac9"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-9b8da6ad7e"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-a37bf9ddbd"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-b108c70b29"}], "descriptions": [{"lang": "en", "value": "Security fix for the bundled urllib3 for CVE-2025-50181, rc3 bytecode rebuild.\n"}, {"lang": "en", "value": "pypy: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"}, {"lang": "en", "value": "python-pip: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-07-11T00:17:43Z", "x_subShortName": "fedora"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python311-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.0.7-150400.7.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-public-cloud:15:sp4", "cpe:/o:suse:sle-module-python3:15:sp6", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp4", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7", "cpe:/o:suse:sles_teradata:15:sp4", "cpe:/o:suse:suse-manager-proxy:4.3", "cpe:/o:suse:suse-manager-retail-branch-server:4.3"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.25.10-150300.4.18.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244925"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181", "name": "Mitre CVE-2025-50181"}, {"url": "https://www.suse.com/security/cve/CVE-2025-50181", "name": "SUSE CVE-2025-50181"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041152.html", "name": "SUSE-SU-2025:02735-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041151.html", "name": "SUSE-SU-2025:02736-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041351.html", "name": "SUSE-SU-2025:02985-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041295.html", "name": "SUSE-SU-2025:20558-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042322.html", "name": "SUSE-SU-2025:20856-1"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-08-09T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.25.10-150300.4.18.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "python311-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.0.7-150400.7.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-python3:15:sp6", "cpe:/o:suse:sle-module-python3:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244925"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181", "name": "Mitre CVE-2025-50181"}, {"url": "https://www.suse.com/security/cve/CVE-2025-50181", "name": "SUSE CVE-2025-50181"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041152.html", "name": "SUSE-SU-2025:02735-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041151.html", "name": "SUSE-SU-2025:02736-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041351.html", "name": "SUSE-SU-2025:02985-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041295.html", "name": "SUSE-SU-2025:20558-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042322.html", "name": "SUSE-SU-2025:20856-1"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-08-09T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "python313-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.5.0-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244925"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181", "name": "Mitre CVE-2025-50181"}, {"url": "https://www.suse.com/security/cve/CVE-2025-50181", "name": "SUSE CVE-2025-50181"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041152.html", "name": "SUSE-SU-2025:02735-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041151.html", "name": "SUSE-SU-2025:02736-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041351.html", "name": "SUSE-SU-2025:02985-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041295.html", "name": "SUSE-SU-2025:20558-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042322.html", "name": "SUSE-SU-2025:20856-1"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-11-14T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "amazon", "product": "python-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.12", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.25.9-1.amzn2.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python2-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.12", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "20.2.2-1.amzn2.0.12", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.25.6-2.amzn2.0.3", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2025-07-02T23:14:00Z", "x_subShortName": "alas_2"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "amazon", "product": "python3-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "21.3.1-2.amzn2023.0.13", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "21.3.1-2.amzn2023.0.13", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3-urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "1.25.10-5.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.11-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "22.3.1-2.amzn2023.0.7", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.11-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "22.3.1-2.amzn2023.0.7", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.12-pip", "versions": [{"status": "affected", "version": "0", "lessThan": "23.2.1-4.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "python3.12-pip-wheel", "versions": [{"status": "affected", "version": "0", "lessThan": "23.2.1-4.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2025-07-03T20:37:00Z", "x_subShortName": "alas_2023"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"MODERATE\"}"}}}], "affected": [{"vendor": "pypi", "product": "urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/urllib3/urllib3"}, {"url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"}, {"url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"}, {"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181"}], "descriptions": [{"lang": "en", "value": "urllib3 handles redirects and retries using the same mechanism, which is controlled by the `Retry` object. The most common way to disable redirects is at the request level, as follows:\n\n```python\nresp = urllib3.request(\"GET\", \"https://httpbin.org/redirect/1\", redirect=False)\nprint(resp.status)\n# 302\n```\n\nHowever, it is also possible to disable redirects, for all requests, by instantiating a `PoolManager` and specifying `retries` in a way that disable redirects:\n\n```python\nimport urllib3\n\nhttp = urllib3.PoolManager(retries=0)  # should raise MaxRetryError on redirect\nhttp = urllib3.PoolManager(retries=urllib3.Retry(redirect=0))  # equivalent to the above\nhttp = urllib3.PoolManager(retries=False)  # should return the first response\n\nresp = http.request(\"GET\", \"https://httpbin.org/redirect/1\")\n```\n\nHowever, the `retries` parameter is currently ignored, which means all the above examples don't disable redirects.\n\n## Affected usages\n\nPassing `retries` on `PoolManager` instantiation to disable redirects or restrict their number.\n\nBy default, requests and botocore users are not affected.\n\n## Impact\n\nRedirects are often used to exploit SSRF vulnerabilities. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable.\n\n## Remediation\n\nYou can remediate this vulnerability with the following steps:\n\n * Upgrade to a patched version of urllib3. If your organization would benefit from the continued support of urllib3 1.x, please contact [sethmichaellarson@gmail.com](mailto:sethmichaellarson@gmail.com) to discuss sponsorship or contribution opportunities.\n * Disable redirects at the `request()` level instead of the `PoolManager()` level."}, {"lang": "en", "value": "urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "pypi", "dateUpdated": "2025-06-18T17:50:00Z", "x_subShortName": "pypi"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "SUSE bug 1244925"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181", "name": "Mitre CVE-2025-50181"}, {"url": "https://www.suse.com/security/cve/CVE-2025-50181", "name": "SUSE CVE-2025-50181"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041152.html", "name": "SUSE-SU-2025:02735-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041151.html", "name": "SUSE-SU-2025:02736-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041351.html", "name": "SUSE-SU-2025:02985-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041295.html", "name": "SUSE-SU-2025:20558-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042322.html", "name": "SUSE-SU-2025:20856-1"}], "descriptions": [{"lang": "en", "value": "\n    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-08-02T00:00:00Z", "x_subShortName": "suse_server_12"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*"], "vendor": "python", "product": "urllib3", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v", "tags": ["exploit", "vendor-advisory"]}, {"url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857", "tags": ["patch"]}, {"url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"}], "descriptions": [{"lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0."}, {"lang": "es", "value": "urllib3 es una librería cliente HTTP intuitiva para Python. Antes de la versión 2.5.0, era posible deshabilitar las redirecciones para todas las solicitudes instanciando un PoolManager y especificando reintentos para deshabilitarlas. Por defecto, las solicitudes y los usuarios de botocore no se ven afectados. Una aplicación que intente mitigar vulnerabilidades de SSRF o de redirección abierta deshabilitando las redirecciones a nivel de PoolManager seguirá siendo vulnerable. Este problema se ha corregido en la versión 2.5.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-601", "description": "CWE-601"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2025-06-19T01:15:24Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-50181", "state": "PUBLISHED", "dateUpdated": "2025-12-22T19:15:49Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-19T01:15:24Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.0"}