‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks

Researchers have identified a new attack vector called MadeYouReset that exploits a vulnerability in HTTP/2 to facilitate massive DDoS attacks. Although not yet exploited in the wild, this technique poses a significant threat due to its ability to blend with normal traffic and bypass defenses.

Key points

  • MadeYouReset exploits a flaw in HTTP/2’s stream cancellation feature to induce DDoS attacks.
  • The vulnerability allows attackers to send reset requests, causing servers to handle an unbounded number of concurrent requests.
  • Patches have been released for some affected projects, including Apache Tomcat and F5, but others are still investigating.
  • The attack method can blend with normal traffic, making detection and mitigation challenging.
  • The underlying vulnerability is tracked as CVE-2025-8671 and impacts multiple organizations and systems.

Read More: https://www.securityweek.com/madeyoureset-http2-vulnerability-enables-massive-ddos-attacks/