ALAS2-2025-2916

Amazon Linux 2 Security Advisory: ALAS2-2025-2916
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-10

Severity: Medium

References: CVE-2025-50181
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. (CVE-2025-50181)

Affected Packages:

python3-urllib3

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update python3-urllib3 to update your system.

New Packages:

noarch:
    python3-urllib3-1.25.6-2.amzn2.0.3.noarch

src:
    python3-urllib3-1.25.6-2.amzn2.0.3.src

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2025-50181

Mitre: CVE-2025-50181