{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-43859", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-17T20:07:08.556Z", "datePublished": "2025-04-24T18:15:53.328Z", "dateUpdated": "2025-04-24T19:02:45.130Z"}, "containers": {"cna": {"title": "h11 accepts some malformed Chunked-Encoding bodies", "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "lang": "en", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj"}, {"name": "https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed", "tags": ["x_refsource_MISC"], "url": "https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed"}], "affected": [{"vendor": "python-hyper", "product": "h11", "versions": [{"version": "< 0.16.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-24T18:15:53.328Z"}, "descriptions": [{"lang": "en", "value": "h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue."}], "source": {"advisory": "GHSA-vqfr-h8mv-ghfj", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-24T19:02:05.000674Z", "id": "CVE-2025-43859", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T19:02:45.130Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43859", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-24T19:02:05.000674Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T19:02:18.751Z"}}], "cna": {"title": "h11 accepts some malformed Chunked-Encoding bodies", "source": {"advisory": "GHSA-vqfr-h8mv-ghfj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "python-hyper", "product": "h11", "versions": [{"status": "affected", "version": "< 0.16.0"}]}], "references": [{"url": "https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj", "name": "https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed", "name": "https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-24T18:15:53.328Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43859", "state": "PUBLISHED", "dateUpdated": "2025-04-24T19:02:45.130Z", "dateReserved": "2025-04-17T20:07:08.556Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-04-24T18:15:53.328Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue."}, {"lang": "es", "value": "h11 es una implementaci\u00f3n de Python de HTTP/1.1. Antes de la versi\u00f3n 0.16.0, una tolerancia en el an\u00e1lisis de terminadores de l\u00ednea por parte de h11 en cuerpos de mensajes con codificaci\u00f3n fragmentada pod\u00eda provocar vulnerabilidades de contrabando de solicitudes en ciertas circunstancias. Este problema se ha corregido en la versi\u00f3n 0.16.0. Dado que su explotaci\u00f3n requiere la combinaci\u00f3n de h11 con errores y un proxy inverso con errores, la correcci\u00f3n de cualquiera de los componentes es suficiente para mitigar este problema."}], "id": "CVE-2025-43859", "lastModified": "2025-04-29T13:52:28.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-04-24T19:15:47.060", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed"}, {"source": "security-advisories@github.com", "url": "https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8615", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "ansible-automation-platform-24/lightspeed-rhel8:2.4.250225-12", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:8221", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/ee-supported-rhel8:1.0.0-1016", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:8221", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/lightspeed-chatbot-rhel8:2.5.250528-1", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:8221", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "ansible-automation-platform-25/lightspeed-rhel8:2.5.250528-1", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:8221", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/ee-cloud-services-rhel9:1.0.0-309", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:8221", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "ansible-automation-platform-25/ee-supported-rhel9:1.0.0-1015", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:7536", "cpe": "cpe:/a:redhat:openstack:17.1::el9", "package": "python-h11-0:0.12.0-2.1.el9ost", "product_name": "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7535", "cpe": "cpe:/a:redhat:openstack:18.0::el9", "package": "python-h11-0:0.12.0-4.el9ost", "product_name": "Red Hat OpenStack Services on OpenShift 18.0", "release_date": "2025-05-14T00:00:00Z"}], "bugzilla": {"description": "h11: h11 accepts some malformed Chunked-Encoding bodies", "id": "2362162", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362162"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-444", "details": ["h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires the combination of buggy h11 with a buggy (reverse) proxy, fixing either component is sufficient to mitigate this issue.", "A flaw was found in the h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \\r\\n terminators."], "mitigation": {"lang": "en:us", "value": "Ensure any applications using h11 are behind a correctly configured reverse proxy will prevent exploitation of this flaw."}, "name": "CVE-2025-43859", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/platform-resource-runner-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-aws-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-gcp-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-ibm-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/docling-serve-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-intel-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-nvidia-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Not affected", "package_name": "rhelai1/ui-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-model-registry-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "python-h11", "product_name": "Red Hat Satellite 6"}], "public_date": "2025-04-24T18:15:53Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-43859\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-43859\nhttps://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\nhttps://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj"], "threat_severity": "Important"}