Vulnerabilities

CVE-2025-67724 - Tornado vulnerable to Header Injection and XSS via reason argument

2025-12-12 0 views admin

CVE ID : CVE-2025-67724 Published : Dec. 12, 2025, 5:36 a.m. | 9 minutes ago Description : Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers (where it could be used for header injection) or in HTML in the default error page (where it could be used for XSS) and can be exploited by passing untrusted or malicious data into the reason argument. Used by both RequestHandler.set_status and tornado.web.HTTPError, the argument is designed to allow applications to pass custom

CVE Details

CVE ID

CVE-2025-67724

Published

Dec. 12, 2025

Affected Product: Python

Impact: XSS

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-67724python

CVE-2025-67724 - Tornado vulnerable to Header Injection and XSS via reason argument

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-14672 - gmg137 snap7-rs s7_micro_client.cpp opWriteArea heap-based overflow

CVE-2025-14674 - aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection

CVE-2025-14673 - gmg137 snap7-rs client.rs as_ct_write heap-based overflow

CVE-2025-14665 - Tenda WH450 HTTP Request DhcpListClient stack-based overflow

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting