SentinelOne
CVE Vulnerability Database

CVE-2025-50181: Python Urllib3 SSRF Vulnerability

CVE-2025-50181 is an SSRF-related vulnerability in the Python urllib3 HTTP client. Before version 2.5.0, disabling redirects at the PoolManager level (through the retries parameter) did not take effect, so applications that relied on that setting to block SSRF or open-redirect abuse kept following redirects. This article covers the technical details, affected versions, and mitigation.


CVE-2025-50181 Overview

urllib3 is a user-friendly HTTP client library for Python. Prior to version 2.5.0, a PoolManager could be instantiated with a retries value intended to disable redirects for all requests (for example retries=urllib3.util.Retry(redirect=0) or retries=False), but that setting was not honoured when requests were made, so redirects were still followed. By default, requests and botocore users are not affected, because those libraries do not rely on a PoolManager-level retries setting to control redirects. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level remains vulnerable. This issue has been patched in version 2.5.0.

Critical Impact

An application that disables redirects only at the PoolManager level, as a defence against SSRF or open redirects, still follows 3xx responses. A server the application fetches from, or an attacker who controls a URL the application fetches, can therefore redirect the request to a destination of their choosing, including internal hosts and cloud metadata endpoints that the application can reach but the attacker cannot. The mitigation the developer believes is in place silently does nothing.

Affected Products

  • Python urllib3

Discovery Timeline

  • 2025-06-19 - CVE CVE-2025-50181 published to NVD
  • 2025-09-18 - Last updated in NVD database

Technical Details for CVE-2025-50181

Vulnerability Analysis

Before 2.5.0, the retries value passed to the PoolManager constructor was not applied when PoolManager.urlopen() decided whether to follow a 3xx response; that decision was governed by the per-request redirect and retries arguments, and redirect defaults to True. A developer who wrote PoolManager(retries=Retry(redirect=0)) or PoolManager(retries=False) to keep the client from following redirects therefore got a client that still followed them. Where the fetched URLs are influenced by users or by untrusted upstream servers, a redirect to an internal address, a metadata endpoint, or an attacker-chosen host goes through despite the intended mitigation.

Root Cause

PoolManager.urlopen() handled redirects using only the per-request redirect and retries arguments and did not fall back to the retries value configured on the PoolManager instance. The constructor-level value was stored with the connection pool keyword arguments and only affected the pools, which PoolManager asks not to follow redirects themselves. Version 2.5.0 makes the PoolManager-level retries setting apply to redirect handling.

Attack Vector

The attack vector is network-based and requires no access to the application itself. It is enough to control a URL the application fetches (a user-supplied link, webhook, or image URL) or a server the application fetches from, and to answer with a 3xx response whose Location header points at the real target, typically an internal service or a cloud metadata endpoint. The precondition on the victim side is that the application relies on a PoolManager-level retries setting to stop redirects and runs urllib3 older than 2.5.0.

python
# Configuration that was meant to disable redirects but is ignored by urllib3 < 2.5.0
import urllib3

http = urllib3.PoolManager(retries=urllib3.util.Retry(redirect=0))
# Redirects are still followed here: the request uses its own default of redirect=True
response = http.request('GET', 'http://vulnerable-redirect.com')

Detection Methods for CVE-2025-50181

Indicators of Compromise

  • Outbound connections from the application to hosts it was never asked to fetch, in particular loopback, RFC 1918, or link-local addresses (such as 169.254.169.254), immediately after a 3xx response from an external server
  • 3xx responses from user-controlled or untrusted upstream URLs whose Location header points at internal or otherwise unexpected hosts
  • urllib3 older than 2.5.0 installed alongside code that passes retries= to PoolManager() or ProxyManager() in order to block redirects (an indicator of exposure rather than of compromise)

Detection Strategies

Log, for every outbound fetch, both the URL the application was asked to retrieve and the URL the final response actually came from; a change of host means a redirect was followed. Alert when the final host is internal (loopback, private, or link-local ranges, metadata hostnames) or differs from the requested host in a way the application does not expect. On the code side, search for PoolManager( and ProxyManager( calls that pass retries= and confirm that the installed urllib3 is 2.5.0 or later.
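The detection logic described above, as an added example that is not part of the SentinelOne page or of urllib3. It assumes an application log in which each fetch records the URL requested and the URL the final response came from; the log format and the log lines below are constructed for the example. Only IP literals are classified offline, since resolving a hostname would need network access, so DNS names are flagged only when they are on a small block list or when the host changed.

```python
"""Flag followed redirects that landed on internal or unexpected hosts.

Added example, not SentinelOne's or urllib3's detection code. The log format
(`requested=` / `final=` fields) is an assumption made for this example.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hostnames an outbound fetch should never reach, regardless of what they resolve to.
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}


@dataclass(frozen=True)
class Alert:
    line: str
    reason: str


def is_internal_host(host: str) -> bool:
    """True for loopback, private, link-local (169.254.0.0/16 includes the
    metadata address), reserved IP literals, or a blocked hostname.
    A DNS name that is not on the block list returns False because it cannot
    be resolved offline."""
    host = host.strip("[]").lower()
    if host in BLOCKED_HOSTNAMES:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_reserved


def parse_fetch_line(line: str) -> dict[str, str]:
    """Parse the `key=value` tokens of one fetch log line into a dict."""
    fields: dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def analyze_fetch_log(lines: list[str]) -> list[Alert]:
    """One Alert per line whose final host is internal or differs from the requested host."""
    alerts: list[Alert] = []
    for line in lines:
        fields = parse_fetch_line(line)
        requested, final = fields.get("requested"), fields.get("final")
        if not requested or not final:
            continue
        req_host = urlsplit(requested).hostname or ""
        fin_host = urlsplit(final).hostname or ""
        if is_internal_host(fin_host):
            alerts.append(Alert(line, f"redirect landed on internal host {fin_host}"))
        elif fin_host != req_host:
            alerts.append(Alert(line, f"cross-host redirect {req_host} -> {fin_host}"))
    return alerts


# Constructed sample log: one clean fetch, three redirects into internal space,
# one redirect to a different external host.
SAMPLE_LOG = [
    "2025-06-20T10:15:01Z fetch requested=https://images.example.com/a.png final=https://images.example.com/a.png status=200",
    "2025-06-20T10:15:02Z fetch requested=https://cdn.example.com/x final=http://169.254.169.254/latest/meta-data/ status=200",
    "2025-06-20T10:15:03Z fetch requested=https://partner.example.net/doc final=http://10.0.3.7:8080/admin status=200",
    "2025-06-20T10:15:04Z fetch requested=https://partner.example.net/doc final=http://[::1]:8000/ status=200",
    "2025-06-20T10:15:05Z fetch requested=https://partner.example.net/doc final=https://static.example.org/doc status=200",
]

if __name__ == "__main__":
    for alert in analyze_fetch_log(SAMPLE_LOG):
        print(alert.reason)
```

The cross-host case is reported separately from the internal-host case: a redirect from a partner domain to a CDN is usually legitimate, while any landing on an internal address after a 3xx from an external server is worth an alert on its own.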

Monitoring Recommendations

  • Implement logging for all HTTP requests and responses, particularly focusing on redirects.
  • Use egress filtering or network intrusion detection to catch connections from application hosts to internal services or metadata endpoints they have no reason to contact.

How to Mitigate CVE-2025-50181

Immediate Actions Required

  • Upgrade urllib3 to 2.5.0 or later everywhere it is installed, including container images and vendored copies.
  • Find PoolManager and ProxyManager constructions that pass retries= in order to block redirects, and pass redirect=False (or a per-request Retry) on the request calls themselves until the upgrade is deployed.
  • Audit code paths that fetch user-influenced URLs for SSRF beyond redirects: validate the destination scheme and host before the request and block internal address ranges.
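A way to carry out the first two actions above in a code base, as an added example that is not part of the SentinelOne page or of urllib3. It scans Python source with the standard library ast module for PoolManager and ProxyManager constructor calls that pass retries= (the configuration urllib3 before 2.5.0 ignored for redirect purposes) and checks an installed urllib3 version against 2.5.0. The sample source it scans is constructed for the example; the proxy and example.test hostnames in it are placeholders.

```python
"""Audit Python source for PoolManager-level redirect disabling (CVE-2025-50181).

Added example, not urllib3's own code. Any `PoolManager(...)` or `ProxyManager(...)`
call that passes `retries=` is reported, because urllib3 < 2.5.0 did not apply
that value when deciding whether to follow a redirect.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Constructors whose `retries=` argument did not control redirects before 2.5.0.
MANAGER_NAMES = {"PoolManager", "ProxyManager"}
FIXED_VERSION = (2, 5, 0)


@dataclass(frozen=True)
class Finding:
    lineno: int
    call: str
    retries_source: str


def _callee_name(node: ast.AST) -> str:
    """Last component of a call target: `urllib3.PoolManager` -> `PoolManager`."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return ""


def find_manager_level_retries(source: str) -> list[Finding]:
    """Report every PoolManager/ProxyManager construction that passes `retries=`.
    Matching is by name only, so an unrelated class called PoolManager would
    also be reported; review each finding."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node.func)
        if name not in MANAGER_NAMES:
            continue
        for kw in node.keywords:
            if kw.arg == "retries":
                findings.append(Finding(node.lineno, name, ast.unparse(kw.value)))
    return findings


def version_is_fixed(version: str) -> bool:
    """True when a urllib3 version string is 2.5.0 or later.
    Only the leading digits of each of the first three components are compared,
    so pre-release suffixes such as `2.6.0b1` are handled."""
    parts: list[int] = []
    for piece in version.split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts) >= FIXED_VERSION


def installed_urllib3_is_fixed() -> bool | None:
    """Check the urllib3 installed in this interpreter; None if it is not installed."""
    try:
        from importlib.metadata import version
        return version_is_fixed(version("urllib3"))
    except Exception:
        return None


# Constructed sample: a code base that relied on the ineffective configuration.
SAMPLE_SOURCE = '''
import urllib3
from urllib3.util import Retry

# Intended to stop SSRF via redirects; ineffective before urllib3 2.5.0.
http = urllib3.PoolManager(retries=Retry(redirect=0))
proxied = urllib3.ProxyManager("http://proxy:3128", retries=False)

# Per-request disabling works on every version.
safe = urllib3.PoolManager()
resp = safe.request("GET", "http://example.test/", redirect=False)
'''

if __name__ == "__main__":
    for f in find_manager_level_retries(SAMPLE_SOURCE):
        print(f"line {f.lineno}: {f.call}(retries={f.retries_source}) "
              "does not disable redirects before urllib3 2.5.0")
    print("installed urllib3 fixed:", installed_urllib3_is_fixed())
```

Run it over each file in the repository (read the file and pass its text to find_manager_level_retries); a finding is only a real problem when the installed version is older than 2.5.0, but on any version the per-request redirect=False form is the one that does not depend on the library's behaviour.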

Patch Information

This issue has been patched in urllib3 version 2.5.0. Update to 2.5.0 or later using the following command, and pin urllib3>=2.5.0 in your requirements so the fix is not lost on the next resolve:

bash
pip install urllib3 --upgrade

Workarounds

If immediate patching is not possible, disable redirects on each request rather than on the PoolManager: pass redirect=False to request() or urlopen(), which is honoured on all versions. A PoolManager-level retries value may still be used for transport retries, but must not be relied on to stop redirects:

python
# Secure configuration example: disable redirects per request, not on the PoolManager
import urllib3

http = urllib3.PoolManager()
# redirect=False returns the 3xx response instead of following it, so the
# application can inspect or reject the Location header itself
response = http.request('GET', 'http://vulnerable-redirect.com', redirect=False)

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
