QwikSec

Security Database

CVE

CWE

Training

CVE-2025-3864

Published: May 28, 2025

Modified: Jan 26, 2026

PUBLISHED

Description

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release.

Vendor	Product	Versions
hackney	hackney	affected `0 - < 1.24.0`

Weaknesses (CWE)

References

https://github.com/benoitc/hackney/issues/717

issue-tracking

https://cert.pl/en/posts/2025/05/CVE-2025-3864/

third-party-advisory

https://github.com/benoitc/hackney/commit/8f13ddac50d1626f8b9a47a08bd599e4efe1773d

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.