Home > Vulnerability Database > CVE-2025-69228

Mend.io Vulnerability Database

CVE-2025-69228

Good to know:

Date: January 5, 2026

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post() method, an attacker may be able to freeze the server by exhausting the memory. This issue is fixed in version 3.13.3.

Severity Score

7.5

Related Resources (5)

Url: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60

Url: https://github.com/aio-libs/aiohttp

Url: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-69228

Url: https://www.mend.io/vulnerability-database/CVE-2025-69228

Severity Score

7.5

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version aiohttp - 3.13.3;https://github.com/aio-libs/aiohttp.git - v3.13.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-69228

Good to know:

Date: January 5, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?