Blog

New MadeYouReset HTTP/2 Vulnerability

New MadeYouReset Vulnerability in HTTP/2 Enables Massive DDoS Attacks

A critical vulnerability in the HTTP/2 protocol, known as MadeYouReset (CVE-2025-8671), has been discovered by researchers at Tel Aviv University. This flaw allows attackers to launch denial-of-service (DDoS) attacks without violating the protocol specifications. Although no live attacks exploiting this vulnerability have been observed, its potential to cause significant disruptions is concerning.

How MadeYouReset Works

The vulnerability relies on attackers’ ability to send malformed frames over an HTTP/2 connection, causing the server to unexpectedly reset streams. This behavior can exhaust server resources, leading to a denial of service. Unlike previous attacks such as “Rapid Reset,” MadeYouReset does not require the client to send the resets directly; instead, it manipulates the server into doing so.

Potential Impact

Although no active attacks using MadeYouReset HTTP/2 vulnerability have been reported, its existence represents a latent threat to web infrastructure. Since HTTP/2 is widely used across most modern web servers, exploiting this vulnerability could affect a large portion of the web.

Mitigation Measures

Service providers and server administrators should apply security patches provided by the developers of their HTTP/2 implementations. Additionally, it is recommended to:

  • Strictly validate incoming frames to detect and reject malformed ones.
  • Implement limits on the number of stream resets allowed per connection.
  • Monitor error logs for unusual patterns that could indicate exploitation attempts.

Current State of HTTP/3

While HTTP/2 remains widely used, HTTP/3 has been gaining ground rapidly. As of September 2024, over 95% of major web browsers support HTTP/3, and approximately 34% of the top 10 million websites have implemented it.

HTTP/3, which operates over the QUIC protocol, offers several advantages over HTTP/2:

  • Reduced connection establishment time: Up to 33% improvement in average connection setup time.
  • Elimination of head-of-line (HOL) blocking: QUIC’s architecture allows packet loss to not affect the entire connection.
  • Improvements for mobile networks: Better recovery from packet loss and seamless connection migration, particularly beneficial for mobile and 5G networks.
  • Built-in security: QUIC includes default encryption, enhancing the security and privacy of data in transit.

Despite these advantages, HTTP/3 adoption is still growing and may not be available in all environments. Organizations should evaluate their infrastructure and consider transitioning to HTTP/3 to improve web service performance and security.

Final Thoughts

The emergence of MadeYouReset underscores the importance of continuous monitoring and rapid response to vulnerabilities in fundamental protocols like HTTP/2. The security community must work closely together to develop effective solutions that protect the integrity and availability of web services

  • 34 Views

you may also like

Crypto24 Ransomware Group – EDR Bypass

Cyberpunk-style illustration of a server being overwhelmed by neon-colored data streams from multiple sources, representing a DDoS attack. A glowing shield labeled "Cyberdefence" protects the server, with icons for finance, gaming, and healthcare industries in the background.

The Growing Threat of DDoS Attacks And How to Defend Against Them

A DDoS attack can bring your business to a standstill in minutes — costing you revenue, reputation, and customers. In this guide, we break down what DDoS attacks are, the damage they cause, common targets, and how to prepare a strong defense. Discover how Cyberdefence’s 24/7 monitoring, global mitigation network, and expert response team keep your business online and secure.
xample of similar-looking domain names showing how domain impersonation works

How to Stop Domain Impersonation Before It Hurts Your Business

Domain impersonation is one of the fastest-growing cyber threats targeting businesses today. Learn how attackers exploit look-alike domains, the impact these attacks can have on your brand and customers, and the most effective strategies to protect your business. Discover how Cyberdefence helps stop domain impersonation before it causes financial loss or damages your reputation
Illustration of whale phishing showing a large whale symbolizing executives targeted by cybercriminals in a phishing attack.

What Is Whale Phishing? Understanding Whaling Attacks

Whale phishing, or whaling, is a highly targeted cyberattack aimed at top executives like CEOs and CFOs. Unlike regular phishing, these attacks use personalized emails to steal sensitive data or authorize fraudulent transactions. Learn what makes whaling different, who is most at risk, and how to protect your business from devastating financial and reputational losses.
Security Posture

Building a Resilient Future: The Importance of a Strong Security Posture

A strong security posture is essential in today’s cyber threat landscape. Learn why it matters, how to strengthen and monitor it, and how Cyberdefence helps businesses stay resilient against evolving digital threats.
insider threat image

The Insider Threat: When Cybersecurity Risks Come From Within

Insider threats aren’t always obvious—and they’re often the most dangerous. From careless employees to malicious actors with privileged access, internal risks can cause serious damage to any organization. In this post, we explore the different types of insider threats, who’s most at risk, what access attackers are after, and real-world examples that show just how damaging these threats can be.

Stay Informed. Stay Secure.

Subscribe to our newsletter.
Linkedin-in
© 2025 CyberDefence