Company
Date Published
Author
Alex Forster Noah Maxwell Kennedy Lucas Pardue Evan Rittenhouse
Word count
655
Language
English
Hacker News points
None

Summary

On August 13, 2025, researchers from Tel Aviv University disclosed a new HTTP/2 denial-of-service vulnerability named MadeYouReset (CVE-2025-8671). It affects certain unpatched HTTP/2 server implementations that fail to properly track stream resets the server itself sends, which can lead to resource exhaustion. Like the Rapid Reset attack (CVE-2023-44487), it exploits the stream reset mechanism of the HTTP/2 specification: repeated resets can overwhelm server resources.

Cloudflare, informed of the vulnerability in May, confirmed that it was not susceptible, thanks to defensive measures put in place after similar vulnerabilities in 2019 and 2023, such as the Netflix and Rapid Reset vulnerabilities. Cloudflare's Pingora framework, which uses the Rust h2 library, was potentially affected when built against h2 versions prior to 0.4.11, but Cloudflare's infrastructure remained secure because Pingora is not used there to terminate inbound HTTP connections.

The vulnerability affects only a limited number of HTTP/2 implementations; most major systems are already hardened against such attacks by following the guidance in RFC 9113. The researchers, Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel, were credited for their discovery and for their cooperation in the coordinated disclosure process.
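The defensive point above (a reset budget that only counts client-sent RST_STREAM frames misses the resets the server itself is forced to send) can be illustrated with a small simulation. The following is an added example, not code from the Cloudflare post, from Pingora, or from the h2 crate; the event model, the `ConnectionGuard` class and the budget of 100 resets per connection are assumptions for the illustration, not values taken from any implementation.

```python
"""Added illustration of a per-connection stream-reset budget.

Two guards are compared on the same constructed event stream:
  - a naive guard that counts only resets the client sends, and
  - a guard that also counts resets the server itself had to send.
Only the second one ever closes the connection when every stream is
torn down by a server-side reset. (Example code; threshold and event
names are assumptions, not taken from a real implementation.)
"""
from dataclasses import dataclass, field


@dataclass
class Event:
    kind: str       # "open", "client_rst" or "server_rst"
    stream_id: int


@dataclass
class ConnectionGuard:
    max_resets: int               # assumed budget of resets per connection
    count_server_resets: bool     # False = the naive accounting
    open_streams: set = field(default_factory=set)
    resets: int = 0
    closed: bool = False

    def handle(self, ev: Event) -> bool:
        """Process one event; return False once the connection is closed."""
        if self.closed:
            return False
        if ev.kind == "open":
            self.open_streams.add(ev.stream_id)
        elif ev.kind == "client_rst":
            self.open_streams.discard(ev.stream_id)
            self.resets += 1
        elif ev.kind == "server_rst":
            # The server cancelled the stream itself (for example after a
            # protocol error). The work already spent on the stream is the
            # same as for a client reset, so a correct guard counts it too.
            self.open_streams.discard(ev.stream_id)
            if self.count_server_resets:
                self.resets += 1
        if self.resets > self.max_resets:
            # A real server would send GOAWAY here and close the connection.
            self.closed = True
        return not self.closed


def run_scenario(count_server_resets: bool, n_streams: int = 200,
                 budget: int = 100) -> tuple[bool, int, int]:
    """Return (connection_closed, resets_counted, events_accepted).

    Constructed scenario: every stream is opened and then reset by the
    server, never by the client, so the concurrent-stream limit is never
    reached and the client sends no RST_STREAM frames at all.
    """
    guard = ConnectionGuard(max_resets=budget,
                            count_server_resets=count_server_resets)
    events = []
    for i in range(n_streams):
        sid = 2 * i + 1          # client-initiated streams use odd ids
        events.append(Event("open", sid))
        events.append(Event("server_rst", sid))
    accepted = 0
    for ev in events:
        if not guard.handle(ev):
            break
        accepted += 1
    return guard.closed, guard.resets, accepted


if __name__ == "__main__":
    print("naive guard  :", run_scenario(count_server_resets=False))
    print("correct guard:", run_scenario(count_server_resets=True))
```

With the naive accounting the connection stays open and the counter never moves, even though 200 streams have been set up and torn down; with server-sent resets counted, the budget is exhausted at the 101st reset and the connection is closed. The design choice to watch is simply where the counter is incremented: every path that emits RST_STREAM, not only the one that receives it, has to charge the per-connection budget.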