urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, redirects are not disabled when an application instantiates a PoolManager and specifies retries in a way that is meant to disable redirects for all requests. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
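An added example (not part of the CVE record and not urllib3's own code): a static check that finds the pattern the description warns about, namely code that relies on PoolManager-level `retries` to turn redirects off. It assumes the redirect-disabling forms are `retries=0`, `retries=False` and a `Retry(...)` with `redirect=0` or `redirect=False`; the sample source is constructed.

```python
import ast

# Constructed sample of application code; not taken from any real project.
SAMPLE = '''
import urllib3
from urllib3.util import Retry

a = urllib3.PoolManager(retries=False)
b = urllib3.PoolManager(retries=Retry(redirect=0))
c = urllib3.PoolManager(retries=Retry(total=3))
d = urllib3.PoolManager()
a.request("GET", url)
d.request("GET", url, redirect=False)
'''

def _is_zero_or_false(node):
    # Matches the literals 0 and False.
    return isinstance(node, ast.Constant) and node.value in (0, False)

def _call_name(node):
    # Last component of the called name: urllib3.PoolManager -> "PoolManager".
    func = node.func
    return func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)

def _disables_redirects(value):
    """True if a retries= value is one of the assumed redirect-disabling forms."""
    if _is_zero_or_false(value):
        return True
    if isinstance(value, ast.Call) and _call_name(value) == "Retry":
        return any(kw.arg == "redirect" and _is_zero_or_false(kw.value)
                   for kw in value.keywords)
    return False

def find_pool_level_redirect_disabling(source):
    """Return (line, snippet) for each PoolManager(...) that relies on retries= to stop redirects."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node) == "PoolManager":
            for kw in node.keywords:
                if kw.arg == "retries" and _disables_redirects(kw.value):
                    findings.append((node.lineno, ast.unparse(node)))
    return sorted(findings)

if __name__ == "__main__":
    for line, snippet in find_pool_level_redirect_disabling(SAMPLE):
        print(f"line {line}: {snippet}")
```

On urllib3 releases before 2.5.0, each finding marks a client whose SSRF or open redirect mitigation does not take effect, so it is a candidate for the upgrade to 2.5.0.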
                
History
Thu, 18 Sep 2025 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Python Python urllib3 | |
| CPEs | cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:* | |
| Vendors & Products | Python Python urllib3 | |
Mon, 23 Jun 2025 17:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Fri, 20 Jun 2025 03:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
| Metrics | threat_severity | threat_severity |
Thu, 19 Jun 2025 01:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. | |
| Title | urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation | |
| Weaknesses | CWE-601 | |
| References |  | |
| Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-06-19T01:08:00.340Z
Updated: 2025-06-23T16:46:13.820Z
Reserved: 2025-06-13T19:17:51.726Z
Link: CVE-2025-50181
Vulnrichment
Updated: 2025-06-23T16:46:05.279Z
NVD
Status: Analyzed
Published: 2025-06-19T01:15:24.453
Modified: 2025-09-18T13:51:10.240
Link: CVE-2025-50181
Redhat