Aikido Intel
Secure My Code
Intel

AIKIDO-2025-10398

urllib3-future is vulnerable to URL Redirection to Untrusted Site ('Open Redirect')

URL Redirection to Untrusted Site ('Open Redirect')CVE-2025-50181 Published Jun 23, 2025

53

Medium Risk

This Affects:

pythonurllib3-future
2.0.931 - 2.12.922
Fixed in 2.13.900
Are you affected? Scan for Free

TL;DR

Affected versions of this package are vulnerable to an open redirect, addressed via a backported security fix (CVE-2025-50181) from urllib3 v2.5.0. The urllib3-future package is designed for use in Pyodide environments, enabling Python HTTP requests through the JavaScript Fetch API or XMLHttpRequest. Although it offers redirect control via retries and redirect parameters, these are ineffective in Pyodide, where the runtime governs redirect behavior—potentially allowing malicious redirects if not properly handled.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

urllib3-future is vulnerable to URL Redirection to Untrusted Site ('Open Redirect') in versions 2.0.931 - 2.12.922.

How to fix this

Upgrade the urllib3-future library to the patch version.

Links

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free
Book a Demo

Free. No credit card required.

Aikido Platform
Subscribe
Stay up to date with all updates
LinkedIn YouTube X
© 2026 Aikido Security BV | BE0792914919
Ghent, Belgium | San Francisco, US
SOC 2SOC 2Compliant
ISO 27001ISO 27001Compliant
Get Security Done