QwikSec

Security Database

CVE

CWE

Training

CVE-2025-6069

Published: Jun 17, 2025

Modified: Apr 21, 2026

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.10.19` affected `3.11.0 - < 3.11.14` affected `3.12.0 - < 3.12.12` affected `3.13.0 - < 3.13.6` affected `3.14.0a1 - < 3.14.0b3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://github.com/python/cpython/issues/135462

issue-tracking

https://github.com/python/cpython/pull/135464

patch

https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949

patch

https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41

patch

https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b

patch

https://mail.python.org/archives/list/[email protected]/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/

vendor-advisory

https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49

patch

https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5

patch

https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc

patch

https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.