CVE-2025-6069

HTMLParser quadratic complexity when processing malformed inputs

Description

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

4.3

Severity

Medium

Ecosystem

APT

Publish Date

June 17, 2025

Modified Date

October 8, 2025

Score Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Versions