ALAS2023-2025-1059

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1059
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-10

Severity: Medium

References: CVE-2025-50181
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. (CVE-2025-50181)

Affected Packages:

python-urllib3

Issue Correction:
Run dnf update python-urllib3 --releasever 2023.8.20250707 or dnf update --advisory ALAS2023-2025-1059 --releasever 2023.8.20250707 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

noarch:
    python3-urllib3-1.25.10-5.amzn2023.0.5.noarch

src:
    python-urllib3-1.25.10-5.amzn2023.0.5.src

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-50181

Mitre: CVE-2025-50181