CVE-2025-66471 Overview
CVE-2025-66471 is a Resource Exhaustion vulnerability affecting the popular Python urllib3 HTTP client library. The vulnerability exists in the library's Streaming API, which improperly handles highly compressed data (commonly known as "decompression bombs"). When processing compressed HTTP responses using content encodings such as gzip, deflate, br, or zstd, the library's decompression logic can be exploited to cause excessive CPU usage and massive memory allocation, leading to a denial of service condition.
The urllib3 streaming API is designed for efficient handling of large HTTP responses by reading content in chunks rather than loading the entire response body into memory. However, when streaming a compressed response, the decompression logic could fully decode a small amount of highly compressed data in a single operation, bypassing the intended resource constraints. Any decompressed data exceeding the requested chunk size is held in an internal buffer, which can grow to consume all available system memory.
Critical Impact
Attackers can exploit this vulnerability remotely by serving highly compressed HTTP responses to applications using vulnerable versions of urllib3, causing denial of service through CPU and memory exhaustion without requiring authentication.
Affected Products
- Python urllib3 versions 1.0 through 2.5.x (prior to 2.6.0)
Discovery Timeline
- December 05, 2025 - CVE-2025-66471 published to NVD
- December 10, 2025 - Last updated in NVD database
Technical Details for CVE-2025-66471
Vulnerability Analysis
This vulnerability is classified under CWE-409 (Improper Handling of Highly Compressed Data / Data Amplification). The core issue lies in how urllib3's streaming API processes compressed HTTP responses. When an application requests data in chunks from a compressed response, the library reads compressed data from the network and decompresses it until the requested chunk size is met. However, the implementation lacked proper safeguards against decompression bombs—maliciously crafted compressed data with extremely high compression ratios.
A small compressed payload (potentially just a few kilobytes) can decompress into gigabytes of data. Since the library attempts to fully decode this data in a single operation before chunking, it can consume excessive system resources. This affects applications that use urllib3's streaming API with preload_content=False for handling responses with Content-Encoding headers indicating compression.
Root Cause
The root cause is that nothing bounded how much output the decoder could produce in a single read. When the streaming API had to fill a caller's requested chunk from a response carrying a Content-Encoding of gzip, deflate, br or zstd, it decoded everything it had read from the socket, however large that turned out to be, and parked the surplus in an internal buffer. The amount decoded per operation was tied neither to the chunk size the caller asked for nor to the size of the compressed input, so a payload with an extreme compression ratio (a "decompression bomb") inflated in memory all at once. Decompression had to become incremental, with each read asking the decoder for no more than the requested chunk and leaving the remaining compressed input for later reads, which is what the 2.6.0 fix delivers.
Attack Vector
The vulnerability is exploitable over the network without authentication. An attacker can set up a malicious HTTP server that serves highly compressed responses to client applications using vulnerable versions of urllib3. When the victim application attempts to stream the response, the decompression bomb is triggered, causing:
- Memory Exhaustion: The internal buffer grows excessively as decompressed data accumulates
- CPU Exhaustion: Decompression of highly compressed data consumes significant CPU cycles
- Application Crash: The combination can lead to out-of-memory conditions and application termination
The attack requires no user interaction beyond having the vulnerable application make an HTTP request to the attacker-controlled server.
+2.6.0 (TBD)
+==================
+
+Bugfixes
+--------
+
+- Fixed a security issue where streaming API could improperly handle highly
+ compressed HTTP content ("decompression bombs") leading to excessive resource
+ consumption even when a small amount of data was requested. Reading small
+ chunks of compressed data is safer and much more efficient now.
+
+.. caution::
+ - If urllib3 is not installed with the optional `urllib3[brotli]` extra, but
+ your environment contains a Brotli/brotlicffi/brotlipy package anyway, make
+ sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to
+ benefit from the security fixes and avoid warnings. Prefer using
+ `urllib3[brotli]` to install a compatible Brotli package automatically.
+
+ - If you use custom decompressors, please make sure to update them to
+ respect the changed API of ``urllib3.response.ContentDecoder``.
+
+
2.5.0 (2025-06-18)
==================
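Review bot: the caution's second bullet tells custom-decoder authors to respect "the changed API of ``urllib3.response.ContentDecoder``" without saying what changed, so a reader maintaining a decoder cannot act on this entry; name the new or altered method signature in that bullet, or point at the advisory GHSA-2xpw-w6gg-jr37 where the change is described. Same hunk, minor: the first bullet marks `urllib3[brotli]` with single backticks, which reStructuredText renders as interpreted text rather than a literal; use double backticks as the ``urllib3.response.ContentDecoder`` line already does. The "2.6.0 (TBD)" heading also still needs its release date before this is tagged.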
Source: GitHub Commit Update
Detection Methods for CVE-2025-66471
Indicators of Compromise
- Unusual memory consumption spikes in Python applications using urllib3 for HTTP requests
- CPU utilization spikes correlating with network activity involving compressed HTTP responses
- Application crashes or out-of-memory errors in services making external HTTP requests
- Compressed HTTP responses (Content-Encoding: gzip, deflate, br or zstd) only a few kilobytes long on the wire that nonetheless keep the client decoding for seconds or allocating hundreds of megabytes; the ratio of decoded bytes to Content-Length is the tell, and it is only visible on the client or at a proxy that records both numbers
Detection Strategies
- Monitor Python application resource usage for anomalous memory allocation patterns during HTTP operations
- Implement network-level inspection for compressed responses with extreme compression ratios, keeping in mind that an inspector which decompresses a body to measure its ratio is itself exposed to the bomb unless it decodes with a bounded output limit
- Configure application performance monitoring (APM) to alert on urllib3-related memory spikes
- Use software composition analysis (SCA) tools to identify vulnerable urllib3 versions in your codebase
Monitoring Recommendations
- Set up resource monitoring thresholds for memory and CPU on applications using urllib3 streaming API
- Enable logging for HTTP response headers to identify Content-Encoding patterns from external sources
- Monitor dependency management systems for urllib3 version compliance across your environment
- Implement runtime application self-protection (RASP) to detect abnormal decompression behavior
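Two of the checks above, as an added example rather than anything from the urllib3 project: a version comparison against the fixed releases named in the 2.6.0 changelog (the check an SCA tool performs), and a ratio rule run over a constructed egress log. The log format, its field names, the 100:1 ratio and 1 MB floor thresholds, and the RFC 5737 addresses are assumptions made for this example; a real deployment needs a client-side hook or a proxy that records both the wire size and the decoded size, since the ratio cannot be read off the wire alone.

```python
"""Two checks for CVE-2025-66471 exposure.

1. Is the installed urllib3 (or a stand-alone Brotli binding it would pick up)
   older than the release carrying the fix?
2. Do egress logs show responses whose decoded size dwarfs the bytes on the
   wire? The log format is constructed for this example; it assumes a client
   hook or proxy that records both wire and decoded byte counts.
"""
import re
from importlib import metadata

# First releases carrying the fix, per the urllib3 2.6.0 changelog.
FIXED_IN = {"urllib3": (2, 6, 0), "brotli": (1, 2, 0), "brotlicffi": (1, 2, 0, 0)}
DIST_NAMES = ("urllib3", "Brotli", "brotlicffi")


def parse_version(text):
    """Split '2.6.0rc1' into ((2, 6, 0), 'rc1'). Assumes a plain dotted
    release number with an optional PEP 440 suffix."""
    text = text.strip()
    m = re.match(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), text[m.end():]


def is_vulnerable(package, version):
    """True if `version` of `package` predates the first fixed release."""
    fixed = FIXED_IN[package.lower()]
    parts, suffix = parse_version(version)
    width = max(len(parts), len(fixed))
    parts += (0,) * (width - len(parts))      # 2.6 compares as 2.6.0
    fixed += (0,) * (width - len(fixed))
    if parts != fixed:
        return parts < fixed
    # Same release number: 2.6.0rc1 or 2.6.0.dev3 still predates 2.6.0.
    return re.match(r"[.\-]?(a|b|rc|dev)", suffix) is not None


def installed_status():
    """Map each installed distribution of interest to (version, vulnerable)."""
    status = {}
    for dist in DIST_NAMES:
        try:
            ver = metadata.version(dist)
        except metadata.PackageNotFoundError:
            continue
        status[dist] = (ver, is_vulnerable(dist, ver))
    return status


# Constructed sample log (RFC 5737 addresses), not captured traffic.
SAMPLE_LOG = """\
2025-12-08T10:02:11Z dst=203.0.113.7 status=200 enc=gzip wire_bytes=14021 decoded_bytes=48630
2025-12-08T10:02:12Z dst=203.0.113.7 status=200 enc=identity wire_bytes=2048 decoded_bytes=2048
2025-12-08T10:02:15Z dst=198.51.100.23 status=200 enc=br wire_bytes=2048 decoded_bytes=300000
2025-12-08T10:02:19Z dst=192.0.2.44 status=200 enc=gzip wire_bytes=10240 decoded_bytes=10737418240
2025-12-08T10:02:20Z malformed entry that the parser must skip
""".splitlines()

LOG_RE = re.compile(
    r"(?P<ts>\S+) dst=(?P<dst>\S+) status=(?P<status>\d+) enc=(?P<enc>\S+) "
    r"wire_bytes=(?P<wire>\d+) decoded_bytes=(?P<decoded>\d+)$"
)


def suspicious_responses(lines, max_ratio=100.0, min_decoded=1_000_000):
    """Flag compressed responses whose decoded/wire ratio is extreme.
    The absolute floor keeps small, legitimately repetitive bodies (a 2 KB
    JSON document inflating to 300 KB) from paging anyone."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["enc"] == "identity" or int(m["wire"]) == 0:
            continue
        wire, decoded = int(m["wire"]), int(m["decoded"])
        ratio = decoded / wire
        if ratio >= max_ratio and decoded >= min_decoded:
            hits.append({"ts": m["ts"], "dst": m["dst"], "encoding": m["enc"],
                         "ratio": round(ratio, 1), "decoded_bytes": decoded})
    return hits


if __name__ == "__main__":
    for dist, (ver, bad) in installed_status().items():
        print(f"{dist} {ver}: {'VULNERABLE' if bad else 'fixed'}")
    for hit in suspicious_responses(SAMPLE_LOG):
        print("suspicious compressed response:", hit)
```

The version check deliberately treats 2.6.0rc1 and 2.6.0.dev3 as unfixed, since they predate the tagged release, while 2.6.0.post1 passes; anything the regex cannot parse raises rather than silently passing.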
How to Mitigate CVE-2025-66471
Immediate Actions Required
- Upgrade urllib3 to version 2.6.0 or later immediately across all environments
- If using Brotli compression separately, upgrade to Brotli 1.2.0 or brotlicffi 1.2.0.0 minimum
- Audit applications using urllib3's streaming API with preload_content=False for exposure to untrusted HTTP servers
- Consider implementing network-level controls to limit connections to known/trusted HTTP endpoints
Patch Information
The vulnerability has been patched in urllib3 version 2.6.0. The fix implements safer and more efficient handling of small chunks of compressed data, preventing the decompression bomb attack vector. The security patch is available via the GitHub Commit.
For additional details and guidance, see the GitHub Security Advisory GHSA-2xpw-w6gg-jr37.
Note that if you use custom decompressors with urllib3, you must update them to respect the changed API of urllib3.response.ContentDecoder after upgrading.
Workarounds
- Until patched, avoid decoding compressed bodies from untrusted servers at all; switching from the streaming API to preload_content=True is not a workaround, because a full read decodes the entire bomb by design
- Implement application-level resource limits using process isolation or containerization
- Use network proxy or WAF rules to filter suspicious compressed responses before they reach applications
- Disable automatic decompression for untrusted sources: send Accept-Encoding: identity, pass decode_content=False so urllib3 returns the raw body without invoking its decoders, and treat a response that still arrives with a Content-Encoding as an error rather than decoding it
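A worked version of the bounded decoding that the root cause section says was missing and that the last workaround above calls for. This is an added example, not urllib3's own decoder and not the 2.6.0 patch: it builds a constructed gzip bomb in memory, runs it through the hazardous "decode everything, then slice off a chunk" pattern, and then through a reader that asks zlib for at most the requested chunk per call (max_length, with the surplus parked in unconsumed_tail) under a total byte budget. fetch_bounded shows where such a reader plugs into a urllib3 PoolManager via decode_content=False; it needs a network and is not exercised by the offline demo. The DecompressionBombError class, the 16 MiB sample size, the 64 MiB budget and the gzip-only Accept-Encoding policy are this example's own choices.

```python
"""Bounded streaming decompression, the safeguard CVE-2025-66471 was missing.

Constructed sample input: a gzip member that expands to 16 MiB of zero bytes
(close to deflate's ~1032:1 ceiling, so roughly 16 KB on the wire). The same
bytes go through the hazardous pattern and through a bounded reader.
"""
import gzip
import zlib


class DecompressionBombError(RuntimeError):
    """Raised when a response decodes past the caller's byte budget."""


def make_gzip_bomb(decoded_size=16 * 1024 * 1024):
    """Constructed test input, not real traffic."""
    return gzip.compress(b"\0" * decoded_size, compresslevel=9)


def unbounded_read(compressed, amt):
    """The vulnerable shape: decode all available input in one call, return
    the first `amt` bytes and keep the remainder in a buffer whose size is
    decided by the server's compression ratio, not by `amt`."""
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)  # 32: auto-detect gzip/zlib
    decoded = d.decompress(compressed) + d.flush()
    chunk, leftover = decoded[:amt], decoded[amt:]
    return chunk, len(leftover)


def bounded_decode(compressed_chunks, amt=8192, max_decoded=64 * 1024 * 1024,
                   wbits=zlib.MAX_WBITS | 32):
    """Yield decoded chunks of at most `amt` bytes from an iterable of
    compressed network reads. max_length makes zlib stop after `amt` output
    bytes and leave the rest of the input in unconsumed_tail, so memory held
    at any moment is about `amt` plus one network read, whatever the ratio.
    A cumulative budget turns a bomb into an exception instead of an OOM."""
    d = zlib.decompressobj(wbits=wbits)
    total = 0
    for raw in compressed_chunks:
        pending = raw
        while True:
            out = d.decompress(pending, amt)
            pending = d.unconsumed_tail
            if out:
                total += len(out)
                if total > max_decoded:
                    raise DecompressionBombError(
                        f"response exceeded {max_decoded} decoded bytes")
                yield out
            # Stop when the stream ended, or when zlib holds no unconsumed
            # input and an empty call produced nothing more (output can lag
            # input by a match length, so one extra call is needed).
            if d.eof or (not pending and not out):
                break
    if d.unused_data:
        raise ValueError("trailing data after end of compressed stream")


def decode_summary(compressed_chunks, amt=8192, max_decoded=64 * 1024 * 1024):
    """Consume bounded_decode() and report (total bytes, largest chunk)
    without keeping the body around."""
    total = largest = 0
    for out in bounded_decode(compressed_chunks, amt, max_decoded):
        total += len(out)
        largest = max(largest, len(out))
    return total, largest


def fetch_bounded(http, url, amt=8192, max_decoded=64 * 1024 * 1024):
    """Hook for a urllib3 PoolManager (`http`); needs a network, not run here.
    decode_content=False keeps the body compressed so the library never
    decodes on the application's behalf; Accept-Encoding limits what the
    server may send, and anything else is refused rather than decoded."""
    resp = http.request("GET", url, preload_content=False, decode_content=False,
                        headers={"Accept-Encoding": "gzip"})
    try:
        enc = resp.headers.get("Content-Encoding", "identity").lower()
        source = resp.stream(amt, decode_content=False)
        if enc == "gzip":
            source = bounded_decode(source, amt, max_decoded)
        elif enc != "identity":
            raise ValueError(f"refusing unexpected Content-Encoding {enc!r}")
        chunks, total = [], 0
        for out in source:            # identity bodies get the same budget
            total += len(out)
            if total > max_decoded:
                raise DecompressionBombError(f"body exceeded {max_decoded} bytes")
            chunks.append(out)
        return b"".join(chunks)
    finally:
        resp.release_conn()


if __name__ == "__main__":
    bomb = make_gzip_bomb()
    chunks = [bomb[i:i + 1024] for i in range(0, len(bomb), 1024)]
    chunk, held = unbounded_read(bomb, 8192)
    print(f"{len(bomb)} bytes on the wire; unbounded read buffers {held} "
          f"bytes to hand back {len(chunk)}")
    print("bounded read (total, largest chunk):", decode_summary(chunks))
    try:
        decode_summary(chunks, max_decoded=1024 * 1024)
    except DecompressionBombError as exc:
        print("budget enforced:", exc)
```

The wbits value of MAX_WBITS | 32 covers gzip and zlib-wrapped deflate; a server sending raw deflate would need wbits=-MAX_WBITS, and br or zstd need their own libraries, which is why fetch_bounded advertises gzip only and refuses anything else.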
# Upgrade urllib3 to the patched version (quote the specifier: an unquoted ">=" is a shell redirect)
pip install --upgrade "urllib3>=2.6.0"
# If using Brotli separately, upgrade to a compatible version
pip install --upgrade "Brotli>=1.2.0"
# or
pip install --upgrade "brotlicffi>=1.2.0.0"
# Alternatively, install urllib3 with the Brotli extra to ensure compatibility
pip install "urllib3[brotli]>=2.6.0"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


