CVE-2025-8671HIGHCVSS 7.5≥ 3.0.0-beta.1, < 3.4.4·≥ 2.0.0-rc1, < 2.1.102026-02-10
CVE-2025-8671 [HIGH] CWE-400 amphp/http-server affected by HTTP/2 DDoS vulnerability
amphp/http-server affected by HTTP/2 DDoS vulnerability
Versions of `amphp/http-server` prior to `3.4.4` for the 3.x release branch and prior to `2.1.10` for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506.
In versions `3.4.4` and `2.1.10`, stream reset protection has been refactored to account for the number of res
ghsaosv