CVE-2025-8671

HIGH

SUSE Linux Enterprise Module for Development Tools - Denial of Service via HTTP/2 Stream Reset

Exploitation Summary

EIP tracks 6 public exploits for CVE-2025-8671. PoCs published by moften, ayushghatkar8080, adminlove520.

Description

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.

Exploits (6)

nomisec WORKING POC 6 stars
by moften · poc
https://github.com/moften/CVE-2025-8671-MadeYouReset-HTTP-2-DDoS

This repository contains a functional Python-based tool for testing HTTP/2 DDoS vulnerabilities, specifically targeting CVE-2023-44487 (Rapid Reset) and CVE-2025-8671 (MadeYouReset). The tool includes interactive and CLI modes, supports multiple targets, and exports results in JSON/CSV formats.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: HTTP/2 servers
No auth needed
Prerequisites: Python 3.x · HTTP/2 support on target server · Network connectivity to target
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER 2 stars
by ayushghatkar8080 · poc
https://github.com/ayushghatkar8080/MadeYouReset_Tester

This repository contains a Python-based scanner that checks for the MadeYouReset (CVE-2025-8671) HTTP/2 DoS vulnerability by sending a malformed WINDOW_UPDATE frame and analyzing the server's response. It does not exploit the vulnerability but detects potential susceptibility.

Classification: Scanner 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: HTTP/2 servers (e.g., Apache Tomcat, Netty, F5 BIG-IP, IBM WebSphere, Varnish)
No auth needed
Prerequisites: TLS/ALPN support for HTTP/2 · network connectivity to target
devstral-2 · analyzed Jun 02, 2026

github WORKING POC 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-8671

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and executable scripts.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: TOTOLINK LR350, TOTOLINK T6, Fortinet SSL VPN
No auth needed
Prerequisites: network access to the target device
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC 2 stars
by mateusm1403 · poc
https://github.com/mateusm1403/PoC-CVE-2025-8671-MadeYouReset-HTTP-2

This repository contains a functional Python-based PoC for CVE-2025-8671, which targets HTTP/2 implementations by sending malformed frames to trigger potential DoS conditions. The script tests multiple attack vectors, including invalid WINDOW_UPDATE, DATA after END_STREAM, and malformed HEADERS/PRIORITY frames, while logging server responses.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: HTTP/2 implementations (specific vendor/version not specified)
No auth needed
Prerequisites: Network access to target HTTP/2 server · Python 3 with h2 library
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER
by mysara2022 · poc
https://github.com/mysara2022/CVE-2025-8671-vulnerability-POC-

The repository contains a Python-based scanner for CVE-2025-8671, which exploits HTTP/2 stream accounting vulnerabilities by forcing RST_STREAM frames while backend processing continues. It includes statistical analysis for detecting anomalies but does not contain functional exploit code for achieving RCE or other offensive outcomes.

Classification: Scanner 95%
Attack Type: DoS
Complexity: Complex
Reliability: Theoretical
Target: HTTP/2 servers (specific software not explicitly mentioned)
No auth needed
Prerequisites: Network access to target HTTP/2 server · Python 3 with h2 library
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by abiyeenzo · poc
https://github.com/abiyeenzo/CVE-2025-8671

This repository contains a functional PoC for CVE-2025-8671, a DoS vulnerability in lighttpd's HTTP/2 implementation. The script checks for vulnerable versions and can trigger a DoS by sending malformed HTTP/2 streams.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: lighttpd < 1.4.80
No auth needed
Prerequisites: Python 3.10+ · h2 library · rich library · HTTP/2 support on target
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0689
EPSS Percentile: 93.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-404
Status: published
Products (18):
Fastly/H20 579ecfa
SUSE Linux/Enterprise Desktop 15 SP6 - 15 SP7
SUSE Linux/Enterprise High Performance Computing 15 SP3 - 15 SP7
SUSE Linux/Enterprise High Performance Computing (HPC) 15 - 15 SP5
SUSE Linux/Enterprise Module for Dev Tools 15 SP3 - 15 SP7
SUSE Linux/Enterprise Module for Development Tools 15 SP2 - 15-SP5
SUSE Linux/Enterprise Module for Package Hub 15 SP5 - 15 SP7
SUSE Linux/Enterprise Server 12 SP5 - 15 SP7
SUSE Linux/Enterprise Server for SAP Applications 15 SP6 - 15 SP7
SUSE Linux/openSUSE Leap 15.6
... and 8 more
Published: Aug 13, 2025
Tracked Since: Feb 18, 2026