CVE-2025-27110

Exploit

EPSS 0.27%
Veröffentlicht 25.02.2025 20:15:37
Zuletzt bearbeitet 28.02.2025 13:35:22
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Libmodsecurity3 has possible bypass of encoded HTML entities

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trustwave ≫ Modsecurity Version3.0.13

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.508

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	7.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-172 Encoding Error

The product does not properly encode or decode the data, resulting in unexpected values.

https://github.com/owasp-modsecurity/ModSecurity/issues/3340

Exploit

Issue Tracking

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-27110

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27110

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27110

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-27110