CVE-2025-50181

5.3 MEDIUM

📋 TL;DR

urllib3 before 2.5.0 does not honour redirect limits set at the PoolManager level through the retries parameter (for example PoolManager(retries=0), PoolManager(retries=False) or PoolManager(retries=Retry(redirect=0))): redirects are still followed. An application that relies on that setting as its SSRF or open-redirect defence is therefore still exposed. Only applications that explicitly configure PoolManager's retries this way are affected; disabling redirects per request with redirect=False works as intended.

💻 Affected Systems

Products:
  • urllib3
Versions: All versions prior to 2.5.0
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only affects applications that explicitly instantiate PoolManager with retries configured in a way meant to disable or limit redirects (retries=0, retries=False, or a Retry object with redirect=0 or redirect=False). requests and botocore are not affected in their default configurations.

📦 What is this software?

urllib3 is a widely used HTTP client library for Python. It is a dependency of requests and botocore and is vendored by pip, so it is present in most Python environments, often indirectly.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker who controls a URL the application fetches, or the server behind it, answers with a redirect (Location header) to an internal-only service such as a cloud metadata endpoint or an admin interface. The application follows it despite the configured redirect limit (SSRF), or relays the redirect to a user (open redirect). Internal responses can expose credentials or tokens that enable further exploitation.

🟠 Likely Case

Applications with custom urllib3 configurations that disable redirects at the PoolManager level for security purposes remain vulnerable to SSRF or open redirect attacks they believed were mitigated.

🟢 If Mitigated

Egress filtering, network segmentation and validation of every URL and redirect target limit the impact even if a redirect is followed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the attacker to get the application to make an HTTP request to a URL they control or influence (or to a server whose response they control) so that a redirect can be returned, and the application must use the affected PoolManager-level retries configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.0

Vendor Advisory: https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v

Restart Required: Yes (a running Python process keeps the previously imported urllib3 until it is restarted)

Instructions:

1. Update urllib3 to version 2.5.0 or later using pip: pip install --upgrade "urllib3>=2.5.0" (quote the specifier so the shell does not treat > as a redirect)
2. Confirm the installed version: python -c "import urllib3; print(urllib3.__version__)"
3. Restart every Python process that imports urllib3, and update pinned requirements, lock files and container images so the next deploy does not reintroduce the old version

🔧 Temporary Workarounds

Disable redirects at the request level, not the PoolManager level

Pass redirect=False to each request() or urlopen() call instead of relying on PoolManager(retries=...); request-level disabling is honoured in affected versions. Where redirects are genuinely needed, follow them manually and validate every Location target in application code before issuing the next request.

🧯 If You Can't Patch

  • Restrict outbound HTTP from the affected application at the network layer: egress allow-list, and block private, loopback and link-local ranges (including the 169.254.169.254 metadata address)
  • Validate every URL and every redirect Location target in application code before the request is made
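The request-level pattern described above, as an added example (not code from urllib3, the advisory or this page): each hop is fetched with redirect=False and every Location target is checked against an allow-list before the next request is made. The allow-list, the hop limit, the one-hop transport callable shape and the in-memory fake server used so the demo runs offline are assumptions made for this example.

```python
"""Follow redirects manually with validation of every hop (added example).

Assumptions made for this example (not from urllib3 or the advisory):
ALLOWED_HOSTS, MAX_REDIRECTS, the one-hop "transport" callable shape and the
constructed FAKE_SERVER used so the demo runs offline.
"""
from __future__ import annotations

import ipaddress
from typing import Callable, Mapping, Tuple
from urllib.parse import urljoin, urlsplit

ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}  # assumed allow-list
MAX_REDIRECTS = 3                                        # assumed hop limit

# A transport fetches exactly one hop and returns (status, headers).
# It must not follow redirects itself.
Transport = Callable[[str], Tuple[int, Mapping[str, str]]]


def urllib3_transport(http) -> Transport:
    """Wrap a urllib3 PoolManager so every call is a single hop.

    redirect=False is passed per request; the advisory states request-level
    disabling is honoured even on affected versions, unlike PoolManager(retries=...).
    retries=False also disables retry-on-error; drop it if you want urllib3's defaults.
    """
    def fetch(url: str) -> Tuple[int, Mapping[str, str]]:
        resp = http.request("GET", url, redirect=False, retries=False)
        return resp.status, resp.headers
    return fetch


def redirect_target_allowed(url: str) -> bool:
    """Policy for an initial URL or a redirect target.

    Only http(s) to an allow-listed hostname is accepted. A literal IP
    (10.0.0.1, 127.0.0.1, 169.254.169.254, ::1, ...) is never accepted, which
    closes the classic SSRF-via-Location path. DNS resolution of an allowed
    hostname to an internal address is not checked here; egress filtering
    should cover that.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        ipaddress.ip_address(parts.hostname)
    except ValueError:
        return parts.hostname.lower() in ALLOWED_HOSTS
    return False


def fetch_with_validated_redirects(fetch: Transport, url: str,
                                   max_redirects: int = MAX_REDIRECTS) -> Tuple[int, str]:
    """Return (final status, final URL); raise ValueError on a blocked hop."""
    if not redirect_target_allowed(url):
        raise ValueError(f"initial URL not allowed: {url}")
    current = url
    for _ in range(max_redirects + 1):
        status, headers = fetch(current)
        lowered = {k.lower(): v for k, v in headers.items()}
        location = lowered.get("location") if 300 <= status < 400 else None
        if not location:
            return status, current
        target = urljoin(current, location)   # resolve a relative Location
        if not redirect_target_allowed(target):
            raise ValueError(f"blocked redirect {current} -> {target}")
        current = target
    raise ValueError(f"more than {max_redirects} redirects from {url}")


def try_fetch(fetch: Transport, url: str) -> Tuple[str, str]:
    """('ok', final URL) or ('blocked', reason), for callers that prefer no exceptions."""
    try:
        _, final_url = fetch_with_validated_redirects(fetch, url)
        return "ok", final_url
    except ValueError as exc:
        return "blocked", str(exc)


# Constructed in-memory "server" so the example runs offline: url -> (status, headers)
FAKE_SERVER = {
    "https://api.example.com/start": (302, {"Location": "/v2/start"}),
    "https://api.example.com/v2/start": (200, {"Content-Type": "application/json"}),
    "https://api.example.com/evil": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}),
    "https://api.example.com/loop": (302, {"Location": "/loop"}),
}


def fake_transport(url: str) -> Tuple[int, Mapping[str, str]]:
    return FAKE_SERVER.get(url, (404, {}))


if __name__ == "__main__":
    for path in ("start", "evil", "loop"):
        print(path, try_fetch(fake_transport, f"https://api.example.com/{path}"))
```

To use it against a real endpoint, pass urllib3_transport(urllib3.PoolManager()) instead of fake_transport; the validation loop is the same. The hop counter also bounds redirect loops, which a PoolManager-level limit was supposed to do.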

🔍 How to Verify

Check if Vulnerable:

Search the code base, including vendored dependencies, for PoolManager or ProxyManager instances constructed with retries=0, retries=False, or a Retry(...) object with redirect=0 or redirect=False, and determine which of them rely on that setting to block redirects. ProxyManager is included because it subclasses PoolManager and shares its redirect handling. Request-level redirect=False is not affected.

Check Version:

python -c "import urllib3; print(urllib3.__version__)"

Verify Fix Applied:

Confirm urllib3 is 2.5.0 or later in every environment (virtualenvs, container images, lock files), then test against a local server that returns a 302 with a Location header: a PoolManager configured with retries=0 or Retry(redirect=0) must no longer return the redirected resource (with raise_on_redirect at its default of True, urllib3 raises urllib3.exceptions.MaxRetryError when the limit is exceeded).
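A script for the two checks above, added here as an example (not part of urllib3, the advisory or this page): it compares the installed urllib3 version against 2.5.0 and scans source text for the PoolManager-level retries settings the advisory describes. The regexes and the constructed SAMPLE_SOURCE are this example's own assumptions; only literal retries= values are recognised, so Retry objects assigned to variables must still be reviewed by hand.

```python
"""Check for CVE-2025-50181 exposure: version and source audit (added example).

Assumptions: the regexes below and the constructed SAMPLE_SOURCE are this
example's own; only literal retries= values are recognised.
"""
from __future__ import annotations

import re
from typing import List, Optional, Tuple

FIXED_IN = (2, 5, 0, 1)  # 4th element: 0 = pre-release, 1 = final release


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Minimal parse of major.minor[.patch][a|b|rcN]; a pre-release of 2.5.0
    sorts before the final 2.5.0. Prefer packaging.version where available."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), 0 if m.group(4) else 1)


def version_is_vulnerable(text: str) -> bool:
    return parse_version(text) < FIXED_IN


def installed_urllib3_version() -> Optional[str]:
    try:
        import urllib3
    except ImportError:
        return None
    return urllib3.__version__


def _call_args(src: str, open_paren: int) -> str:
    """Text between the '(' at open_paren and its matching ')'."""
    depth = 0
    for i in range(open_paren, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:i]
    return src[open_paren + 1:]


CONSTRUCTOR = re.compile(r"\b(PoolManager|ProxyManager)\s*\(")
RETRIES_KW = re.compile(r"\bretries\s*=\s*(?P<val>False\b|0(?![\d.])|(?:[\w.]+\.)?Retry\s*\()")
REDIRECT_OFF = re.compile(r"\bredirect\s*=\s*(?:0(?![\d.])|False\b)")


def _redirects_disabled_via_retries(args: str) -> Optional[str]:
    """The literal retries= value if it disables or zeroes redirects, else None."""
    m = RETRIES_KW.search(args)
    if not m:
        return None
    val = m.group("val")
    if not val.endswith("("):
        return val                               # retries=0 or retries=False
    retry_args = _call_args(args, m.end() - 1)   # inside Retry(...)
    if REDIRECT_OFF.search(retry_args):
        return f"Retry({retry_args.strip()})"
    return None


def find_pool_level_redirect_config(src: str) -> List[Tuple[int, str]]:
    """(line, description) for each PoolManager/ProxyManager whose retries=
    argument disables redirects. ProxyManager is included because it subclasses
    PoolManager and shares its redirect handling."""
    findings = []
    for m in CONSTRUCTOR.finditer(src):
        val = _redirects_disabled_via_retries(_call_args(src, m.end() - 1))
        if val is not None:
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, f"{m.group(1)}(retries={val})"))
    return findings


# Constructed sample of application source for the scan.
SAMPLE_SOURCE = '''\
import urllib3
from urllib3.util import Retry

http_a = urllib3.PoolManager(retries=0)                          # affected
http_b = urllib3.PoolManager(
    retries=Retry(total=3, redirect=0, status_forcelist=(502,)),
)                                                                # affected
http_c = urllib3.ProxyManager("http://proxy:3128", retries=False)  # affected
http_d = urllib3.PoolManager(retries=Retry(total=3))              # no redirect control here
resp = http_d.request("GET", "https://example.com", redirect=False)  # request-level: honoured
'''

if __name__ == "__main__":
    v = installed_urllib3_version()
    print("installed urllib3:", v, "VULNERABLE" if v and version_is_vulnerable(v) else "fixed or absent")
    for line, what in find_pool_level_redirect_config(SAMPLE_SOURCE):
        print(f"line {line}: {what}")
```

Run the scan over each file in the repository and over site-packages; a hit only matters if the application relies on that setting to block redirects, but every hit should be reviewed.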

📡 Detection & Monitoring

Log Indicators:

  • Unexpected outbound HTTP requests to internal or restricted networks
  • HTTP redirects being followed despite application intent to block them

Network Indicators:

  • HTTP traffic to unexpected destinations from applications using urllib3

SIEM Query:

Application logs rarely contain the strings urllib3 or PoolManager, so query egress proxy or flow logs instead. Illustrative query shape (adapt field names to your schema):

source="egress_proxy" AND src_host IN (application hosts) AND (dest_ip IN private, loopback or link-local ranges OR dest_host="169.254.169.254")

The signature of this bug is a 3xx response from an external host immediately followed by a request from the same application host to the internal destination named in its Location header; correlate those two events.
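Detection logic for the indicators above, added as an example (not from this page's source or any vendor tool): it reads egress-proxy events as JSON lines, ignores hosts that do not run the application, flags application-host requests to non-global destinations, and marks a request as a followed redirect when it matches the Location of the 3xx the same host received just before. The log schema, APP_HOSTS and SAMPLE_LOG are constructed for this example.

```python
"""Flag SSRF-shaped egress from application hosts in proxy logs (added example).

Constructed assumptions: the JSON-lines schema (ts, src, url, status,
optional location), APP_HOSTS and SAMPLE_LOG.
"""
from __future__ import annotations

import ipaddress
import json
from typing import Dict, List, Tuple
from urllib.parse import urljoin, urlsplit

APP_HOSTS = {"web-01", "web-02"}   # hosts running the urllib3-based application

# Constructed egress-proxy events; the 302 at ts=101 and the request that follows it
# are the redirect-followed-to-internal pattern this CVE produces.
SAMPLE_LOG = """\
{"ts": 100, "src": "web-01", "url": "https://api.partner.example/v1/items", "status": 200}
{"ts": 101, "src": "web-01", "url": "https://cdn.partner.example/x", "status": 302, "location": "http://169.254.169.254/latest/meta-data/"}
{"ts": 101, "src": "web-01", "url": "http://169.254.169.254/latest/meta-data/", "status": 200}
{"ts": 102, "src": "web-02", "url": "http://10.0.5.20:8500/v1/kv/secrets", "status": 200}
{"ts": 103, "src": "build-01", "url": "http://10.0.0.9/artifacts", "status": 200}
{"ts": 104, "src": "web-02", "url": "https://api.partner.example/v1/items", "status": 200}
"""


def is_internal_destination(host: str) -> bool:
    """True for loopback, RFC 1918, link-local (incl. 169.254.169.254) and any
    other non-global literal address, or for hostnames under internal suffixes."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        h = host.lower()
        return h == "localhost" or h.endswith((".internal", ".local", ".localdomain"))


Alert = Tuple[int, str, str, str]   # (ts, src, kind, url)


def find_ssrf_indicators(log_text: str) -> List[Alert]:
    alerts: List[Alert] = []
    pending: Dict[str, str] = {}     # src -> absolute URL a 3xx just pointed it at
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        src, url = ev["src"], ev["url"]
        if src not in APP_HOSTS:
            continue                 # build hosts etc. legitimately talk to internal ranges
        host = urlsplit(url).hostname or ""
        if is_internal_destination(host):
            kind = ("redirect_followed_to_internal" if pending.get(src) == url
                    else "direct_internal_request")
            alerts.append((ev["ts"], src, kind, url))
        location = ev.get("location")
        if 300 <= ev["status"] < 400 and location:
            pending[src] = urljoin(url, location)   # remember where the 3xx sent it
        else:
            pending.pop(src, None)
    return alerts


if __name__ == "__main__":
    for alert in find_ssrf_indicators(SAMPLE_LOG):
        print(*alert)
```

A direct_internal_request from an application host is worth a look on its own; a redirect_followed_to_internal hit is the specific behaviour this advisory describes and should be treated as a likely SSRF attempt.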

🔗 References

  • https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v
