Vulnerability in Aio-libs Aiohttp

CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If op…

EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.

Affected products

Aio-libs Aiohttp — versions < 3.13.3

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23 (x_refsource_CONFIRM)
https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259 (x_refsource_MISC)