What is CVE-2025-54121?

CVE-2025-54121 is a medium-severity vulnerability in Encode Starlette, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 5.3/10. Published 2025-07-21.

How severe is CVE-2025-54121?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2025-54121 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Encode Starlette

CVE-2025-54121

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the…

EPSS: 0.003 (48.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Encode Starlette — versions < 0.47.2

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

Public proof-of-concept exploits

References

https://github.com/encode/starlette/security/advisories/GHSA-2c2j-9gv5-cj73 (x_refsource_CONFIRM)
https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1 (x_refsource_MISC)
https://github.com/encode/starlette/blob/fa5355442753f794965ae1af0f87f9fec1b9a3de/starlette/datastructures.py#L436C5-L447C14 (x_refsource_MISC)
https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-54121?: CVE-2025-54121 is a medium-severity vulnerability in Encode Starlette, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 5.3/10. Published 2025-07-21.
How severe is CVE-2025-54121?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2025-54121 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.