CVEFinder.io

CVE-2025-50182

🔶 medium

Description

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.

CVSS Score: 5.3 (Medium)
EPSS Score: 0.0 (Exploit Probability)
Published Date: 2025-06-19
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 328,009 vulnerabilities in our database.

#263,349
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment (Updated: Jun 23, 2025)
Exploitation Status: None (no known exploits)
Automatable: No (requires human interaction)
Technical Impact: Partial (limited system impact)
SSVC data provided by CISA
Last Modified: 2025-12-22
Source: NVD
CVSS Vector (3.1): CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

🔗 Related CVEs 6

CVE ID | Severity | CVSS | EPSS | Summary | Published
CVE-2026-44431 | 🔶 medium | 5.3 | 0.0 | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-le... | 2026-05-13
CVE-2026-44432 | ⚠️ high | 7.5 | 0.0 | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response in... | 2026-05-13
CVE-2026-21441 | ⚠️ high | 7.5 | 0.0 | urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HT... | 2026-01-07
CVE-2025-66418 | ⚠️ high | 7.5 | 0.0 | urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of li... | 2025-12-05
CVE-2025-66471 | ⚠️ high | 7.5 | 0.0 | urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API... | 2025-12-05
CVE-2025-50181 | 🔶 medium | 5.3 | 0.0 | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all r... | 2025-06-19
These CVEs affect the same products