vulnerability
Red Hat: CVE-2025-50181: urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:S/C:C/I:N/A:N) | Jun 19, 2025 | Jul 9, 2025 | Jul 10, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:S/C:C/I:N/A:N)
Published
Jun 19, 2025
Added
Jul 9, 2025
Modified
Jul 10, 2025
Description
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
Solution
no-fix-redhat-rpm-package
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.