CVE-2025-6069
MEDIUM
CPython < 3.9.24, 3.10.0-3.10.18, 3.11.0-3.11.13, 3.12.0-3.12.11, 3.13.0-3.13.5, 3.14.0a1-3.14.0b2 - DoS via HTML Parser
Title source: llm
Description
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service.
References (10)
Core References
Issue Tracking issue-tracking
https://github.com/python/cpython/issues/135462
Various Sources vendor-advisory
https://mail.python.org/archives/list/[email protected]/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/
Issue Tracking patch
https://github.com/python/cpython/pull/135464
Scores
CVSS v3
4.3
EPSS
0.0046
EPSS Percentile
36.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1333
Status
published
Products (7)
Python Software Foundation/CPython
< 3.10.19
Python Software Foundation/CPython
< 3.9.24
Python Software Foundation/CPython
3.10.0 - 3.10.19
Python Software Foundation/CPython
3.11.0 - 3.11.14
Python Software Foundation/CPython
3.12.0 - 3.12.12
Python Software Foundation/CPython
3.13.0 - 3.13.6
Python Software Foundation/CPython
3.14.0a1 - 3.14.0b3
Published
Jun 17, 2025
Tracked Since
Feb 18, 2026