Logging of Excessive Data
CVE-2025-69230
Summary
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions through 3.13.2, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header. This issue is fixed in 3.13.3.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-779 - Logging of Excessive Data
The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.
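A stopgap for deployments that cannot move to 3.13.3 immediately is to cap repeated warning-level records at the logger, so a single crafted Cookie header cannot flood the log. The following is an added example, not code from AIOHTTP or from this advisory; the default logger name `aiohttp.internal` is an assumption about where the cookie warnings are emitted, and the demo logger name and message are constructed.

```python
import logging
import time


class BurstLimitFilter(logging.Filter):
    """Pass at most `burst` warnings per `window` seconds for each message template."""
    def __init__(self, burst=5, window=60.0, clock=time.monotonic):
        super().__init__()
        self.burst, self.window, self.clock = burst, window, clock
        self._state = {}     # (logger, level, template) -> [window_start, count]
        self.suppressed = 0  # total dropped records, usable as an alerting metric

    def filter(self, record):
        if record.levelno != logging.WARNING:
            return True  # only the warning-level flood is in scope here
        # Key on the unformatted template so attacker-chosen args share one bucket
        # and cannot grow the state table.
        key = (record.name, record.levelno, str(record.msg))
        now = self.clock()
        slot = self._state.get(key)
        if slot is None or now - slot[0] >= self.window:
            slot = self._state[key] = [now, 0]
        slot[1] += 1
        if slot[1] > self.burst:
            self.suppressed += 1
            return False
        return True


def install(logger_name="aiohttp.internal", **kwargs):
    """Attach the filter to the named logger (the default name is an assumption)."""
    flt = BurstLimitFilter(**kwargs)
    logging.getLogger(logger_name).addFilter(flt)
    return flt


def demo():
    """Constructed input: 1000 warnings, as one crafted Cookie header might cause."""
    emitted = []
    class Collect(logging.Handler):
        def emit(self, record):
            emitted.append(record.getMessage())

    log = logging.getLogger("demo.cookie.parser")  # hypothetical logger name
    log.setLevel(logging.WARNING)
    log.addHandler(Collect())
    flt = install("demo.cookie.parser", burst=5, window=60.0, clock=lambda: 0.0)
    for i in range(1000):
        log.warning("invalid cookie name %r", f"bad[{i}]")  # constructed message
    return len(emitted), flt.suppressed
```

A logger-level filter only sees records logged directly to that logger, so attach it to the logger that emits the warnings rather than to a parent. A rising `suppressed` count is itself worth alerting on.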