CVE-2025-43859: Request Smuggling Vulnerability in Python's h11 HTTP Library
A critical vulnerability, CVE-2025-43859, has been discovered in h11, Python's HTTP/1.1 protocol library, and carries a CVSS rating of 9.1. The flaw stems from h11's lenient parsing of line terminators in chunked-coding message bodies. When h11 sits behind a reverse proxy that parses the same bytes differently, the two components can disagree on where one request ends and the next begins, which enables request smuggling. The consequences can be severe, including credential leaks, access control bypasses, and even the theft of session keys between users. To address this issue, h11 version 0.15.0 has been released, and developers are strongly urged to update immediately.
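The check that matters here is whether a chunked-body parser insists on the exact CRLF terminator after every chunk-size line and every block of chunk data. The following is an added example written for this summary, not code from the h11 project: a small chunked-coding decoder with a strict mode that enforces CRLF (per RFC 9112) and a lenient mode that accepts any two bytes in its place. The lenient mode is an illustration of the kind of terminator leniency the advisory describes, not a reproduction of h11's actual parser, and the sample bodies are constructed inline.

```python
"""Strict versus lenient chunked transfer-coding decoding (added example, not h11 code)."""


class ChunkedDecodeError(ValueError):
    """Raised when the body is not a well-formed chunked message."""


def _parse_chunk_size(line: bytes) -> int:
    # The chunk-size line is hex digits, optionally followed by ";name=value" extensions.
    size_field = line.split(b";", 1)[0].strip()
    if not size_field or any(c not in b"0123456789abcdefABCDEF" for c in size_field):
        raise ChunkedDecodeError(f"bad chunk size line: {line!r}")
    return int(size_field, 16)


def decode_chunked(body: bytes, *, strict: bool) -> tuple[bytes, bytes]:
    """Decode one chunked message body.

    Returns (payload, trailing_bytes). trailing_bytes is whatever follows the
    terminating zero-size chunk; on a real keep-alive connection a server would
    treat it as the start of the next request, so two parsers that place the
    chunk boundaries differently also disagree about where the next request starts.
    """
    pos = 0
    payload = bytearray()
    while True:
        end = body.find(b"\r\n", pos)
        if end == -1:
            raise ChunkedDecodeError("chunk-size line is not CRLF terminated")
        size = _parse_chunk_size(body[pos:end])
        pos = end + 2
        if size == 0:
            # Zero-size chunk: consume optional trailer fields up to the empty line.
            while True:
                end = body.find(b"\r\n", pos)
                if end == -1:
                    raise ChunkedDecodeError("trailer section is not CRLF terminated")
                line = body[pos:end]
                pos = end + 2
                if not line:
                    return bytes(payload), body[pos:]
        data = body[pos:pos + size]
        if len(data) < size:
            raise ChunkedDecodeError("chunk data is truncated")
        terminator = body[pos + size:pos + size + 2]
        if len(terminator) < 2:
            raise ChunkedDecodeError("chunk data is missing its terminator")
        # Strict mode: the two bytes after chunk data must be exactly CRLF.
        # Lenient mode (illustrative only): any two bytes are accepted, so the
        # parser silently agrees with attacker-chosen framing that a strict peer rejects.
        if strict and terminator != b"\r\n":
            raise ChunkedDecodeError(f"chunk data terminated by {terminator!r}, expected CRLF")
        payload += data
        pos += size + 2


def is_strictly_chunked(body: bytes) -> bool:
    """Return True only if the body decodes under strict CRLF rules."""
    try:
        decode_chunked(body, strict=True)
        return True
    except ChunkedDecodeError:
        return False


# Constructed sample bodies (not captured traffic).
VALID_BODY = b"5\r\nhello\r\n0\r\n\r\n"
MALFORMED_BODY = b"5\r\nhello\n\n0\r\n\r\n"  # bare LFs where CRLF is required

if __name__ == "__main__":
    print("valid, strict   :", decode_chunked(VALID_BODY, strict=True))
    print("malformed, lenient:", decode_chunked(MALFORMED_BODY, strict=False))
    print("malformed, strict :", is_strictly_chunked(MALFORMED_BODY))
```

Run stand-alone, the script shows the lenient decoder accepting the malformed body while the strict decoder rejects it; a proxy and a backend that disagree in exactly this way is the precondition the advisory describes. When auditing a deployment, the defensive position is to require strict CRLF framing at every hop and to reject, rather than normalise, bodies that fail it.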