CVE-2025-6069

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
PSFCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Debian logo
Debian Releases
Debian Product
Codename
jython
bullseye
postponed
trixie
no-dsa
bookworm
no-dsa
forky
vulnerable
sid
vulnerable
pypy3
bullseye
postponed
trixie
no-dsa
bookworm
no-dsa
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
python2.7
bullseye
vulnerable
trixie
no-dsa
bookworm
no-dsa
python3.11
bookworm
no-dsa
trixie
no-dsa
bullseye
postponed
bookworm (security)
vulnerable
python3.13
trixie
no-dsa
bookworm
no-dsa
bullseye
postponed
forky
3.13.7-1
fixed
sid
3.13.7-1
fixed
python3.9
bullseye
postponed
trixie
no-dsa
bookworm
no-dsa
bullseye (security)
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jython
plucky
needs-triage
oracular
ignored
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
python2.7
plucky
dne
oracular
dne
noble
dne
jammy
needed
focal
needed
bionic
needed
xenial
needed
trusty
needed
python3.11
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 3.11.0~rc1-1~22.04.1~esm5
released
focal
dne
bionic
dne
xenial
dne
trusty
dne
python3.12
plucky
dne
oracular
ignored
noble
Fixed 3.12.3-1ubuntu0.8
released
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
python3.13
plucky
Fixed 3.13.3-1ubuntu0.3
released
oracular
ignored
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
python3.9
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 3.9.5-3ubuntu0~20.04.1+esm6
released
bionic
dne
xenial
dne
trusty
dne
python3.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
Fixed 3.4.3-1ubuntu1~14.04.7+esm16
released
python3.5
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
Fixed 3.5.2-2ubuntu0~16.04.13+esm19
released
trusty
Fixed 3.5.2-2ubuntu0~16.04.4~14.04.1+esm7
released
python3.6
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
Fixed 3.6.9-1~18.04ubuntu1.13+esm6
released
xenial
dne
trusty
dne
python3.7
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
Fixed 3.7.5-2ubuntu1~18.04.2+esm7
released
xenial
dne
trusty
dne
python3.8
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 3.8.10-0ubuntu1~20.04.18+esm2
released
bionic
Fixed 3.8.0-3ubuntu1~18.04.2+esm6
released
xenial
dne
trusty
dne
python3.10
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 3.10.12-1~22.04.11
released
focal
dne
bionic
dne
xenial
dne
trusty
dne
python3.14
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949
https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41
https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49
https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5
https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b
https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc
https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15
https://github.com/python/cpython/issues/135462
https://github.com/python/cpython/pull/135464
https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/