CVE-2025-50181

EUVD-2025-18908
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
pythonurllib3
𝑥
< 2.5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-pip
bionic
not-affected
focal
not-affected
jammy
Fixed 22.0.2+dfsg-1ubuntu0.6
released
noble
Fixed 24.0+dfsg-1ubuntu1.2
released
oracular
Fixed 24.2+dfsg-1ubuntu0.2
released
plucky
Fixed 25.0+dfsg-1ubuntu0.1
released
trusty
not-affected
xenial
not-affected
python-urllib3
bionic
Fixed 1.22-1ubuntu0.18.04.2+esm3
released
focal
Fixed 1.25.8-2ubuntu0.4+esm1
released
jammy
Fixed 1.26.5-1~exp1ubuntu0.3
released
noble
Fixed 2.0.7-1ubuntu0.2
released
oracular
Fixed 2.0.7-2ubuntu0.2
released
plucky
Fixed 2.3.0-2ubuntu0.1
released
trusty
not-affected
xenial
Fixed 1.13.1-2ubuntu0.16.04.4+esm3
released
Common Weakness Enumeration
References
https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857
https://github.com/urllib3/urllib3/releases/tag/2.5.0
https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v