Base Score

MEDIUM4.3

CVE-2025-6069

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.

VectorNETWORK

Published Bycna@python.org

Published DateJun 17, 2025, 14:15

Weakness Type (CWE):CWE-1333

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949
https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41
https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49
https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5
https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b
https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc
https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15
https://github.com/python/cpython/issues/135462
https://github.com/python/cpython/pull/135464
https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/

Base Score

MEDIUM4.3

Weakness Type (CWE):CWE-1333

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW