CVE-2025-55163: Netty affected by MadeYouReset HTTP/2 DDoS vulnerability

August 13, 2025

The MadeYouReset DDoS vulnerability is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service.

References

github.com/advisories/GHSA-prj3-ccx8-p6x4
github.com/netty/netty
github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
nvd.nist.gov/vuln/detail/CVE-2025-55163

Code Behaviors & Features

Detect and mitigate CVE-2025-55163 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →