CVSS base score 7.5
CVE-2025-48866
- EPSS 1.07%
- Published 02.06.2025 15:46:19
- Last modified 02.07.2025 18:11:34
- Source security-advisories@github.com
ModSecurity has possible DoS vulnerability in sanitiseArg action
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.
Data provided by the National Vulnerability Database (NVD)
Affected: Owasp ≫ Modsecurity, version < 2.9.10
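The workaround is to avoid rules carrying the `sanitiseArg`/`sanitizeArg` action until 2.9.10 is deployed. The audit script below is an added example, not code from the advisory, NVD or the ModSecurity project: it merges backslash-continued directives, lists every `SecRule`/`SecAction` that uses the action (or its alias), and compares an installed version string against the fixed release; the rule file and version strings are constructed samples.

```python
import re
from typing import List, Tuple

# Constructed sample rule file (not from the advisory): mixes affected and
# unaffected directives, a backslash-continued rule and a comment-only mention.
SAMPLE_RULES = r'''
SecRule ARGS:password "@rx ." \
    "id:1001,phase:2,pass,nolog,sanitiseArg:password"
SecRule ARGS "@rx select" "id:1002,phase:2,deny,log,msg:'SQLi'"
SecAction "id:1003,phase:1,pass,sanitizeArg:token"
# sanitiseArg mentioned only in a comment, so it must not be reported
SecRule REQUEST_HEADERS:User-Agent "@rx bot" "id:1004,phase:1,deny"
'''

# The action and its alias; case-insensitive so the audit errs on over-reporting.
ACTION_RE = re.compile(r'\b(sanitiseArg|sanitizeArg)\b', re.IGNORECASE)

def join_continuations(text: str) -> List[str]:
    """Merge lines ending in a backslash into one logical directive."""
    logical, buf = [], ''
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith('\\'):
            buf += line[:-1] + ' '
            continue
        logical.append((buf + line).strip())
        buf = ''
    if buf:
        logical.append(buf.strip())
    return logical

def find_sanitise_rules(text: str) -> List[Tuple[str, str]]:
    """Return (rule id, directive) for each SecRule/SecAction using the action."""
    hits = []
    for line in join_continuations(text):
        if not line.startswith(('SecRule', 'SecAction')):
            continue  # skips comments, blank lines and other directives
        if ACTION_RE.search(line):
            m = re.search(r'\bid:(\d+)', line)
            hits.append((m.group(1) if m else '?', line))
    return hits

def version_is_fixed(version: str, fixed: str = '2.9.10') -> bool:
    """True when the ModSecurity version is at or above the fixed release.
    Numeric tuples are compared, since string order would put 2.9.10 below 2.9.9."""
    to_tuple = lambda v: tuple(int(p) for p in re.findall(r'\d+', v))
    return to_tuple(version) >= to_tuple(fixed)

if __name__ == '__main__':
    for rule_id, directive in find_sanitise_rules(SAMPLE_RULES):
        print(f'rule {rule_id} uses sanitiseArg/sanitizeArg: {directive}')
    print('2.9.9 fixed:', version_is_fixed('2.9.9'))
```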
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.07% | 0.777 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-1050 Excessive Platform Resource Consumption within a Loop
The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.