CVE-2025-6069

EUVD-2025-18496
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
PSFCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
pythoncpython
𝑥
< 3.9.24
CNA
pythoncpython
3.10.0 ≤
𝑥
< 3.10.19
CNA
pythoncpython
3.11.0 ≤
𝑥
< 3.11.14
CNA
pythoncpython
3.12.0 ≤
𝑥
< 3.12.12
CNA
pythoncpython
3.13.0 ≤
𝑥
< 3.13.6
CNA
Debian logo
Debian Releases
Debian Product
Codename
jython
bookworm
vulnerable
bullseye
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
pypy3
bookworm
vulnerable
bullseye
vulnerable
bullseye (security)
7.3.5+dfsg-2+deb11u5
fixed
forky
vulnerable
sid
vulnerable
trixie
vulnerable
python2.7
bookworm
no-dsa
bullseye
vulnerable
trixie
no-dsa
python3.11
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
no-dsa
python3.13
bookworm
no-dsa
forky
3.13.12-1
fixed
sid
3.13.12-1
fixed
trixie
vulnerable
python3.9
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
3.9.2-1+deb11u5
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jython
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
ignored
questing
needs-triage
xenial
needs-triage
python2.7
bionic
needed
focal
needed
jammy
needed
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
needed
xenial
needed
python3.11
bionic
dne
focal
dne
jammy
Fixed 3.11.0~rc1-1~22.04.1~esm5
released
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.12
bionic
dne
focal
dne
jammy
dne
noble
Fixed 3.12.3-1ubuntu0.8
released
oracular
ignored
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.13
bionic
dne
focal
dne
jammy
dne
noble
dne
oracular
ignored
plucky
Fixed 3.13.3-1ubuntu0.3
released
questing
Fixed 3.13.6-1
released
trusty
dne
xenial
dne
python3.9
bionic
dne
focal
Fixed 3.9.5-3ubuntu0~20.04.1+esm6
released
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.4
bionic
dne
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
Fixed 3.4.3-1ubuntu1~14.04.7+esm16
released
xenial
dne
python3.5
bionic
dne
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
Fixed 3.5.2-2ubuntu0~16.04.4~14.04.1+esm7
released
xenial
Fixed 3.5.2-2ubuntu0~16.04.13+esm19
released
python3.6
bionic
Fixed 3.6.9-1~18.04ubuntu1.13+esm6
released
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.7
bionic
Fixed 3.7.5-2ubuntu1~18.04.2+esm7
released
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.8
bionic
Fixed 3.8.0-3ubuntu1~18.04.2+esm6
released
focal
Fixed 3.8.10-0ubuntu1~20.04.18+esm2
released
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.10
bionic
dne
focal
dne
jammy
Fixed 3.10.12-1~22.04.11
released
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.14
bionic
dne
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
not-affected
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949
https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41
https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49
https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5
https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b
https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc
https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15
https://github.com/python/cpython/issues/135462
https://github.com/python/cpython/pull/135464
https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/