AI description
CVE-2025-8671, also known as "MadeYouReset," is an HTTP/2 denial-of-service (DoS) vulnerability that exploits a mismatch in how some HTTP/2 implementations handle server-sent stream resets. Discovered by researchers from Tel Aviv University and Imperva, the vulnerability arises because certain servers incorrectly treat these resets as stream closures. An attacker can trigger these resets using crafted HTTP/2 frames, such as malformed WINDOW_UPDATE or PRIORITY frames. By rapidly triggering server-side resets, an attacker can cause the server to handle an unbounded number of concurrent streams on a single connection, bypassing the standard `MAX_CONCURRENT_STREAMS` limit. This leads to excessive consumption of server resources, potentially causing a denial-of-service condition due to memory or processing capability exhaustion. Affected implementations include Apache Tomcat, F5 BIG-IP, Netty, and others.
- Description
- A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.
- Source
- cret@cert.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-404
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Top 5 Trending CVEs: 1 - CVE-2010-5139 2 - CVE-2025-38477 3 - CVE-2025-54574 4 - CVE-2013-3219 5 - CVE-2025-8671 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Nov 2025
106 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
La vulnerabilidad HTTP/2 ‘MadeYouReset’ permite ataques de denegación de servicio (DoS). ⚠️ CVE-2025-8671 https://t.co/6vEvebHqbO https://t.co/n8u5YoE3oi
@elhackernet
8 Nov 2025
3797 Impressions
6 Retweets
44 Likes
7 Bookmarks
1 Reply
0 Quotes
HTTP/2の設計と実装の齟齬を突く重大欠陥「MadeYouReset(CVE-2025-8671)」が判明。サーバー側リセットを悪用し単一接続に無制限の処理を押し付け、大規模DoSを現実化させ得る脅威である。緊急対処が必要だ。
@yousukezan
6 Nov 2025
1719 Impressions
3 Retweets
19 Likes
7 Bookmarks
0 Replies
0 Quotes
[JVNVU#92928084] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/w0Ztjyi6xc #jvn #脆弱性 #セキュリティ
@jpsecuritynews
6 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[2025/11/05 16:30 更新] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/722vtLKYXN
@jvnjp
5 Nov 2025
1677 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
1 Quote
[JVNVU#92928084] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/w0Ztjyi6xc #jvn #脆弱性 #セキュリティ
@jpsecuritynews
10 Oct 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
統合版 JPCERT/CC | JVN: 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/iUs8cCbcwh #itsec_jp
@itsec_jp
9 Oct 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[2025/10/09 14:45 更新] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/722vtLKYXN
@jvnjp
9 Oct 2025
1837 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
Warning: Multiple HTTP/2 implementations (incl. Apache Tomcat) are vulnerable to Denial of Service attacks via control frames. Tracked as CVE-2025-8671 "MadeYouReset" CVSS: 7.5. Follow specific vendor guidance and #patch https://t.co/YOgyQsWbwL #DoS
@CCBalert
18 Sept 2025
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Azure Application Gateway protection against CVE-2025-8671 (MadeYouReset) https://t.co/DLhYt9ecBZ #Microsoft #techcommunity
@MSITTechNews
10 Sept 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Azure Front Door Protection against CVE-2025-8671 (MadeYouReset) https://t.co/L0Bx9WaUFP #Microsoft #techcommunity
@MSITTechNews
5 Sept 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[JVNVU#92928084] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/w0Ztjyi6xc #jvn #脆弱性 #セキュリティ
@jpsecuritynews
4 Sept 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[2025/09/03 10:00 更新] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/722vtLKYXN
@jvnjp
3 Sept 2025
1693 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
[2025/09/02 13:15 更新] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/722vtLKYXN
@jvnjp
2 Sept 2025
1727 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
1 Quote
[JVNVU#92928084] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/w0Ztjyi6xc #jvn #脆弱性 #セキュリティ
@jpsecuritynews
27 Aug 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVNVU#92928084 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/xzRQDnN1RJ ベンダ情報を確認する限りかなり広範囲に影響を与える脆弱性の可能性があります。
@Syynya
26 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/NFNSKZQ3MG #%E6%8A%80%E8%A1%93%E7%B3%BB-%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3 #feedly
@likecoffee
26 Aug 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#後で読む 用メモです→ 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/RI4BdRKIxV
@TommiyTw
26 Aug 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
統合版 JPCERT/CC | JVN: 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/g4TRxzQR1L #itsec_jp
@itsec_jp
26 Aug 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[2025/08/26 16:00 公表] 複数のHTTP/2サーバー実装におけるストリームリセット処理の不備(CVE-2025-8671) https://t.co/722vtLKYXN
@jvnjp
26 Aug 2025
1944 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
1 Quote
MadeYouReset: la nueva vulnerabilidad en HTTP/2 que amenaza con ataques de denegación de servicio https://t.co/d6czFK4sT2 Hace poco se dio a conocer información sobre una vulnerabilidad crítica en el protocolo HTTP/2, bautizada como MadeYouReset (CVE-2025-8671). Se trata de u
@laboratoriolinu
20 Aug 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
d0s_t0wn This repository contains two complementary tools for studying and mitigating the HTTP/2 “Rapid Reset” class of denial-of-service vulnerabilities CVE-2025-8671. https://t.co/FPnvlCLMmB DISCLAIMER: only use on networks you have permission to test on #CyberSe curity
@anoncitylights
19 Aug 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8671 Mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). https://t.co/UNIMU5Iqdr
@endi24
19 Aug 2025
1009 Impressions
3 Retweets
13 Likes
5 Bookmarks
0 Replies
0 Quotes
A new HTTP/2 DoS vulnerability, CVE-2025-8671, bypasses existing mitigations by exploiting invalid control frames to overload servers. Cloudflare and Akamai report no impact. #HTTP2Attack #DoSVulnerability #Israel https://t.co/W6kcYMwGxf
@TweetThreatNews
18 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alerta Crítica – HTTP/2 (CVE-2025-8671) 🚨 Nueva técnica #MadeYouReset permite ataques DoS masivos. 🔒 Acciones urgentes: ✔️ Instalar parches (Tomcat, F5, Netty) ✔️ Restringir exposición HTTP/2 ✔️ Monitorear CPU/tráfico ✔️ Reglas en WAF & balanc
@CompunetChile
18 Aug 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #HTTP/2 #MadeYouReset: analisi della vulnerabilità CVE-2025-8671, che riguarda l’implementazione del protocollo HTTP/2 e potrebbe consentire attacchi di tipo Denial of Service Rischio: 🔴 Tipologia: 🔸 Denial of Service 🔗 … https://t.co/43NlRefoFX
@Vulcanux_
18 Aug 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼ #HTTP/2 #MadeYouReset: analisi della vulnerabilità CVE-2025-8671, che riguarda l’implementazione del protocollo HTTP/2 e potrebbe consentire attacchi di tipo Denial of Service Rischio: 🔴 Tipologia: 🔸 Denial of Service 🔗 https://t.co/OvNayPYyay ⚠ Mitigazioni
@csirt_it
18 Aug 2025
272 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8671 (CVSS:7.5, HIGH) is Awaiting Analysis. A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architect..https://t.co/ZaHwiVFPKj #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
18 Aug 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ MadeYouReset: el método para tumbar servidores web Encontraron un nuevo fallo llamado MadeYouReset (CVE-2025-8671). Puede dejar fuera de servicio páginas y apps que usan el protocolo HTTP/2. El ataque consiste en enviar solicitudes falsas que obligan al servidor a i
@CycuraMX
17 Aug 2025
824 Impressions
7 Retweets
19 Likes
6 Bookmarks
0 Replies
0 Quotes
New HTTP/2 “MadeYouReset” DoS vulnerability (CVE-2025-8671) allows massive #DDoS via server-side stream resets. Affects Apache Tomcat, Netty, F5, H2O & more. Patch immediately and implement rate-limit & anomaly detection. #CyberSecurity #MadeYouReset #CVE20258671 #DDo
@SecurEpitome
17 Aug 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
つい最近公開されたHTTP/2 の新たな脆弱性「MadeYouReset」(CVE-2025-8671) この攻撃の仕組みをAIに解説してもらいました。 こちらの勘違いに呆れたり、暗に軌道修正したりするAIの奮闘ぶりもあわせてどうぞ 👉
@aidewakaru
16 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
HTTP/2に新たな弱点「MadeYouReset」発覚。DoS攻撃でサーバー資源を食いつぶすタイプで、Tomcatなど主要実装に影響。Tomcatはすでに11.0.10/10.1.44/9.0.108で修正版を公開済み。CVEは共通でCVE-2025-8671、Tomcat固有はCVE-2025-
@log_sho_dev
16 Aug 2025
241 Impressions
0 Retweets
11 Likes
0 Bookmarks
1 Reply
0 Quotes
New HTTP/2 #vulnerability "MadeYouReset" (CVE-2025-8671) enables #DDoS attacks by exploiting stream reset mismatches. Patch immediately. #cybersecurity https://t.co/WG1WWrPYeC
@SRA_ThreatWatch
15 Aug 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-8671: HTTP/2 MadeYouReset DDoS vulnerability 🧐Deep Dive :https://t.co/UK9RjMl3wD 📊99.6K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/ogmVz84EvJ 👇Query HUNTER : https://t.co/q9rtuGfZuz="HTTP/2" https://t.co
@HunterMapping
15 Aug 2025
3077 Impressions
17 Retweets
59 Likes
20 Bookmarks
2 Replies
0 Quotes
HTTP2における大規模DDoS攻撃が可能となる脆弱性"MadeYouReset"について。CERT/CCアドバイザリ。CVE-2025-8671。TomcatのCVE-2025-48989等、ベンダ毎に個別のCVEが採番されている場合あり。Rapid Reset (CVE-2023-44487)類似。 https://t.c
@__kokumoto
14 Aug 2025
1527 Impressions
8 Retweets
14 Likes
3 Bookmarks
0 Replies
0 Quotes
https://t.co/bUMUaq3n6R The new HTTP/2 attack 'Made You Reset' CVE-2025-8671 affects many HTTP servers. In this post we deeply analyze the attack, how does it relate to previous HTTP/2 attacks and how to properly protect against the attack. #http2 #ddos
@a_krizhanovsky
13 Aug 2025
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8671: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames https://t.co/sPduJqYsQE
@oss_security
13 Aug 2025
808 Impressions
3 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes