Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-zm3a-mf2z-xfcm
Vulnerability ID VCID-zm3a-mf2z-xfcm
Aliases CVE-2025-69230
GHSA-fh55-r93g-j68g
Summary AIOHTTP Vulnerable to Cookie Parser Warning Storm ### Summary Reading multiple invalid cookies can lead to a logging storm. ### Impact If the ``cookies`` attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header. ---- Patch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
Status Published
Exploitability 0.5
Weighted Severity 4.9
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-779 Logging of Excessive Data
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
epss 0.00014 https://api.first.org/data/v1/epss?cve=CVE-2025-69230
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr LOW https://github.com/advisories/GHSA-fh55-r93g-j68g
cvssv4 2.7 https://github.com/aio-libs/aiohttp
generic_textual LOW https://github.com/aio-libs/aiohttp
cvssv4 2.7 https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
generic_textual LOW https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
ssvc Track https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
cvssv3.1_qr LOW https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
cvssv4 2.7 https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
generic_textual LOW https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
ssvc Track https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
cvssv4 2.7 https://nvd.nist.gov/vuln/detail/CVE-2025-69230
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2025-69230
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
https://api.first.org/data/v1/epss?cve=CVE-2025-69230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69230
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/aio-libs/aiohttp
https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
https://nvd.nist.gov/vuln/detail/CVE-2025-69230
2427255 https://bugzilla.redhat.com/show_bug.cgi?id=2427255
GHSA-fh55-r93g-j68g https://github.com/advisories/GHSA-fh55-r93g-j68g
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69230.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U Found at https://github.com/aio-libs/aiohttp
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U Found at https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/ Found at https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U Found at https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-06T14:24:37Z/ Found at https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U Found at https://nvd.nist.gov/vuln/detail/CVE-2025-69230
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.02529
EPSS Score 0.00014
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:24.698919+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-fh55-r93g-j68g/GHSA-fh55-r93g-j68g.json 38.0.0