ALAS2023-2025-1059

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1059
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-10

Severity: Medium

References: CVE-2025-50181
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. (CVE-2025-50181)

Affected Packages:

python-urllib3

Issue Correction:
Run dnf update python-urllib3 --releasever 2023.8.20250707 to update your system.

New Packages:

noarch:
    python3-urllib3-1.25.10-5.amzn2023.0.5.noarch

src:
    python-urllib3-1.25.10-5.amzn2023.0.5.src

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-50181

Mitre: CVE-2025-50181