vulnerability
Ubuntu: (Multiple Advisories) (CVE-2025-50181): urllib3 vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:S/C:C/I:N/A:N) | Jun 19, 2025 | Jun 26, 2025 | Apr 16, 2026 |
Severity
6
CVSS
(AV:N/AC:M/Au:S/C:C/I:N/A:N)
Published
Jun 19, 2025
Added
Jun 26, 2025
Modified
Apr 16, 2026
Description
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
Solutions
ubuntu-pro-upgrade-python-urllib3ubuntu-pro-upgrade-python3-urllib3ubuntu-upgrade-python3-pipubuntu-upgrade-python3-urllib3
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.