CVE-2025-55163 Information

Description

Netty is an asynchronous event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.

Reference

https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4

Related CNNVD

CNNVD-202508-1386 (Published: 2025-08-13)