The following versions of the Python urllib3 library are affected by the CVE listed below:
CVE-2025-66471: urllib3 versions >=1.0.0 and <2.6.0. For more details, refer to: Urllib3-CVE-issue
BigFix Inventory helps you discover whether affected or safe versions of the urllib3 library are installed in your environment.
- The signature with component name “urllib3 CVE-2025-66471” and version “0.AFFECTED” specifically targets the versions of urllib3 affected by the mentioned CVE. You can find the signature at the following URL.
- The signature with component name “urllib3 CVE-2025-66471” and version “0.SAFE” specifically targets endpoints where the vulnerability has been removed by applying a patch, or where the installed version is outside the range specified in the CVE. You can find the signature at the following URL.
The process for using CIT custom signatures:
- Download the signature file from the URL provided under every type of discovery described.
- Log in to BigFix Inventory.
- Go to Management → Catalog Customization.
- Import the file with the custom signature.
- Run an import process to allow the BFI server to process the signature and initiate the signature propagation to the endpoints.
- Run a software scan on the endpoints.
- Ensure the Upload Software Scan Result fixlet is running.
- Run an import process to import the scan results.
- Verify the results on the reports.
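To spot-check a single endpoint against what the reports show, the following added example (not part of BigFix Inventory or of the signature files) walks a directory tree for urllib3 `dist-info` metadata and sorts each install into AFFECTED or SAFE using the version range stated above. The function names and the sample tree are constructed for illustration, and the check judges by version number only, so a patched install inside the range still shows as AFFECTED.

```python
import re
import tempfile
from email.parser import HeaderParser
from pathlib import Path

# Affected range as stated on this page: >=1.0.0 and <2.6.0.
AFFECTED_MIN, FIRST_SAFE = (1, 0, 0), (2, 6, 0)

def release_tuple(version):
    """Numeric release segment as a 3-tuple; pre-release suffixes are ignored."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version):
    """Map a version to the page's two buckets by version range only."""
    return "AFFECTED" if AFFECTED_MIN <= release_tuple(version) < FIRST_SAFE else "SAFE"

def scan(root):
    """Classify every installed urllib3 found via *.dist-info/METADATA under root."""
    findings = []
    for meta in sorted(Path(root).rglob("urllib3-*.dist-info/METADATA")):
        headers = HeaderParser().parsestr(meta.read_text(encoding="utf-8", errors="replace"))
        if (headers["Name"] or "").lower() != "urllib3":
            continue
        version = headers["Version"] or ""
        try:
            status = classify(version)
        except ValueError:
            status = "UNKNOWN"  # report for manual review instead of guessing
        findings.append((str(meta.parent.parent.relative_to(root)), version, status))
    return findings

def build_sample_tree(root):
    """Constructed sample: three fake environments, not real scan data."""
    for env, ver in [("app-a", "1.26.18"), ("app-b", "2.5.0"), ("app-c", "2.6.0")]:
        d = Path(root) / env / "site-packages" / f"urllib3-{ver}.dist-info"
        d.mkdir(parents=True)
        (d / "METADATA").write_text(f"Metadata-Version: 2.1\nName: urllib3\nVersion: {ver}\n\nbody\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for location, version, status in scan(tmp):
            print(f"{status:8} urllib3 {version:8} {location}")
```

Point `scan()` at a real prefix such as a virtual environment or `/usr/lib/python3` to list every urllib3 install beneath it; copies vendored inside other packages have no `dist-info` directory of their own and are not found by this check.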
BigFix Inventory Team