5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-50181

GHSA ID

GHSA-pq67-6m6q-mj2v

EPSS Score

0.0102%

CWE

CWE-601

Published

6/18/2025

Updated

6/18/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-50181

CVE-2025-50181: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

urllib3 handles redirects and retries using the same mechanism, which is controlled by the Retry object. The most common way to disable redirects is at the request level, as follows:

resp = urllib3.request("GET", "https://httpbin.org/redirect/1", redirect=False)
print(resp.status)
# 302

However, it is also possible to disable redirects, for all requests, by instantiating a PoolManager and specifying retries in a way that disable redirects:

import urllib3

http = urllib3.PoolManager(retries=0)  # should raise MaxRetryError on redirect
http = urllib3.PoolManager(retries=urllib3.Retry(redirect=0))  # equivalent to the above
http = urllib3.PoolManager(retries=False)  # should return the first response

resp = http.request("GET", "https://httpbin.org/redirect/1")

However, the retries parameter is currently ignored, which means all the above examples don't disable redirects.

Affected usages

Passing retries on PoolManager instantiation to disable redirects or restrict their number.

By default, requests and botocore users are not affected.

Impact

Redirects are often used to exploit SSRF vulnerabilities. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable.

Remediation

You can remediate this vulnerability with the following steps:

Upgrade to a patched version of urllib3. If your organization would benefit from the continued support of urllib3 1.x, please contact sethmichaellarson@gmail.com to discuss sponsorship or contribution opportunities.
Disable redirects at the request() level instead of the PoolManager() level.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-50181

CVE-2025-50181:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-50181

GHSA ID

GHSA-pq67-6m6q-mj2v

EPSS Score

0.0102%

CWE

CWE-601

Published

6/18/2025

Updated

6/18/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
urllib3	pip	< 2.5.0	2.5.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability CVE-2025-50181 in urllib3 (versions < 2.5.0) arises from the PoolManager failing to disable redirects when configured to do so via its retries parameter during instantiation. For example, PoolManager(retries=0) or PoolManager(retries=False) was intended to prevent any redirects, but this setting was ignored.

The root cause lies in two key methods of urllib3.poolmanager.PoolManager:

urllib3.poolmanager.PoolManager.__init__: The constructor was flawed because it did not properly process the retries argument (when passed as an integer like 0, or as False, or as a Retry object with redirect=0) to ensure that the internal Retry object for the PoolManager instance was configured to disallow redirects. The patch (commit f05b1329126d5be6de501f9d1e3e36738bc08857) introduces specific logic in __init__ to correctly create or modify the Retry object to set its raise_on_redirect attribute appropriately, thereby enforcing the no-redirect policy.
urllib3.poolmanager.PoolManager.urlopen: This method is responsible for making the actual HTTP request and applying the retry/redirect logic. It uses the Retry object associated with the PoolManager (if not overridden by a request-specific Retry object). In vulnerable versions, urlopen would use the Retry object that __init__ had failed to correctly configure for disabling redirects. Consequently, urlopen would follow redirects even when the PoolManager was initialized with the intent to disable them.

If an application relied on disabling redirects at the PoolManager level to mitigate risks like Server-Side Request Forgery (SSRF) or open redirects, this vulnerability would leave it exposed because the redirects would still be followed. The fix ensures that the retries parameter in PoolManager.__init__ correctly translates to a redirect policy that urlopen then enforces.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-50181: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

Affected usages

Impact

Remediation

CVE-2025-50181:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

5.3

5.3

CVE-2025-50181: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

Affected usages

Impact

Remediation

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI