Low severity · OSV Advisory · Published Jan 5, 2026 · Updated Jan 6, 2026
AIOHTTP Vulnerable to Cookie Parser Warning Storm
CVE-2025-69230
Description
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header. This issue is fixed in 3.13.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| aiohttp (PyPI) | < 3.13.3 | 3.13.3 |
Affected products
32 package coordinates from OSV; no CPE is listed for any entry.

| Package (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/airflow-2 | < 2.11.0-r19 |
| pkg:apk/chainguard/airflow-2-bitnami-compat | < 2.11.0-r19 |
| pkg:apk/chainguard/airflow-2-compat | < 2.11.0-r19 |
| pkg:apk/chainguard/airflow-2-iamguarded-compat | < 2.11.0-r19 |
| pkg:apk/chainguard/airflow-3 | < 3.2.0-r0 |
| pkg:apk/chainguard/apache-beam-python-3.11-sdk | < 2.70.0-r1 |
| pkg:apk/chainguard/authentik | < 2025.10.3-r3 |
| pkg:apk/chainguard/authentik-go-server | < 2025.10.3-r3 |
| pkg:apk/chainguard/awx | < 24.6.1-r23 |
| pkg:apk/chainguard/checkov | < 3.2.499-r0 |
| pkg:apk/chainguard/dask-kubernetes | < 2025.7.0-r4 |
| pkg:apk/chainguard/gitlab-toolbox-ce-18.5 | < 18.5.5-r0 |
| pkg:apk/chainguard/gitlab-toolbox-ce-18.6 | < 18.6.3-r0 |
| pkg:apk/chainguard/kserve-storage-controller | < 0.17.0-r2 |
| pkg:apk/chainguard/kubeflow-pipelines-visualization-server | < 2.15.0-r1 |
| pkg:apk/chainguard/open-webui | < 0.6.43-r1 |
| pkg:apk/chainguard/py3.10-vllm-cuda-12.4 | < 0.16.0-r1 |
| pkg:apk/chainguard/py3.12-vllm-cuda-12.4 | < 0.16.0-r1 |
| pkg:apk/chainguard/py3.13-scanner-test-libraries-aiohttp | < 0.0.1-r3 |
| pkg:apk/chainguard/py3-cassandra-medusa | < 0.26.0-r3 |
| pkg:apk/chainguard/py3-cassandra-medusa-compat | < 0.26.0-r3 |
| pkg:apk/chainguard/request-1276 | < 0.27.0-r1 |
| pkg:apk/wolfi/airflow-3 | < 3.2.0-r0 |
| pkg:apk/wolfi/checkov | < 3.2.499-r0 |
| pkg:apk/wolfi/dask-kubernetes | < 2025.7.0-r4 |
| pkg:apk/wolfi/kserve-storage-controller | < 0.17.0-r2 |
| pkg:apk/wolfi/kubeflow-pipelines-visualization-server | < 2.15.0-r1 |
| pkg:apk/wolfi/open-webui | < 0.6.43-r1 |
| pkg:apk/wolfi/py3-cassandra-medusa | < 0.26.0-r3 |
| pkg:apk/wolfi/py3-cassandra-medusa-compat | < 0.26.0-r3 |
| pkg:pypi/aiohttp | < 3.13.3 |
| pkg:rpm/opensuse/python-aiohttp&distro=openSUSE%20Tumbleweed | < 3.13.3-1.1 |
References
- github.com/advisories/GHSA-fh55-r93g-j68g (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-69230 (ghsa; ADVISORY)
- github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326 (ghsa; x_refsource_MISC, WEB)
- github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g (ghsa; x_refsource_CONFIRM, WEB)