CVE-2025-27110

Exploit

EPSS 0.07%
Published 25.02.2025 20:15:37
Last modified 28.02.2025 13:35:22
Source security-advisories@github.com
Teams watchlist Login
Open Login

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Trustwave ≫ Modsecurity Version3.0.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.229

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	7.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-172 Encoding Error

The product does not properly encode or decode the data, resulting in unexpected values.

https://github.com/owasp-modsecurity/ModSecurity/issues/3340

Exploit

Issue Tracking

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-27110

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27110

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27110

EUVD