CVE - CVE-2025-0938

CVE-ID
CVE-2025-0938	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba URL:https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba MISC:https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403 URL:https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403 MISC:https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568 URL:https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568 MISC:https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab URL:https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab MISC:https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a URL:https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a MISC:https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32 URL:https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32 MISC:https://github.com/python/cpython/issues/105704 URL:https://github.com/python/cpython/issues/105704 MISC:https://github.com/python/cpython/pull/129418 URL:https://github.com/python/cpython/pull/129418 MISC:https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/ URL:https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/
Assigning CNA
Python Software Foundation
Date Record Created
20250131	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250131)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2025, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.