HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks
gbhackers
Security researchers have disclosed a critical vulnerability in the HTTP/2 protocol that could enable massive distributed denial-of-service (DDoS) attacks, potentially affecting millions of web servers worldwide.
The flaw, dubbed “MadeYouReset” and assigned CVE-2025-8671, was publicly disclosed on August 13, 2025, by researchers who warn it could surpass the impact of the devastating “Rapid Reset” attacks from 2023.
Vulnerability Overview
The MadeYouReset vulnerability allows attackers to bypass HTTP/2’s built-in concurrency limits, enabling them to create unbounded concurrent work on target servers with minimal resources.
This represents a significant escalation from traditional DDoS methods, as attackers can overwhelm servers while using far less bandwidth and computational power than conventional attacks.
| Project | CVE |
| --- | --- |
| General HTTP/2 | CVE-2025-8671 |
| Netty | CVE-2025-55163 |
| Apache Tomcat | CVE-2025-48989 |
| F5 BIG-IP | CVE-2025-54500 |
| H2O | CVE-2025-8671 |
| Swift-NIO-HTTP2 | Pending |
The research was conducted jointly by security expert Gal Bar-Nahum with Professor Anat Bremler-Barr and Yaniv Harel from Tel Aviv University ...
Copyright of this story solely belongs to gbhackers.