THREATOPS
THREAT OPSThreat News › [NVD] CVE-2025-69223 (HIGH 7.5) — AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust

[NVD] CVE-2025-69223 (HIGH 7.5) — AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust

lownvdPublished 2026-01-05

CVE-2025-69223 CVSS: 7.5 HIGH Published: 2026-01-05T22:15:53.017

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-69223