CVE-2025-6069

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
PSFCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
jython
bullseye
vulnerable
bookworm
no-dsa
sid
vulnerable
trixie
vulnerable
python2.7
bullseye
vulnerable
bookworm
no-dsa
python3.11
bookworm
vulnerable
bookworm (security)
vulnerable
python3.12
sid
vulnerable
bookworm
no-dsa
python3.13
trixie
vulnerable
bookworm
no-dsa
sid
vulnerable
python3.9
bullseye
vulnerable
bookworm
no-dsa
bullseye (security)
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jython
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
python2.7
plucky
dne
oracular
dne
noble
dne
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
python3.11
plucky
dne
oracular
dne
noble
dne
jammy
needs-triage
python3.12
plucky
dne
oracular
needs-triage
noble
needs-triage
jammy
dne
python3.13
plucky
needs-triage
oracular
needs-triage
noble
dne
jammy
dne
python3.9
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
needs-triage
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949
https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41
https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b
https://github.com/python/cpython/issues/135462
https://github.com/python/cpython/pull/135464
https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/