
CVE-2025-48866
Good to know:

Date: June 2, 2025
ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The "sanitiseArg" action (and "sanitizeArg", which is an alias for the same action) is vulnerable to the addition of an excessive number of arguments, leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the "sanitiseArg" (or "sanitizeArg") action.
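To apply the workaround you first need to know which rules use the action. The following is an added example, not code from the ModSecurity project or this advisory: it scans rule-file text for `sanitiseArg`/`sanitizeArg`, merging backslash-continued lines and skipping commented-out rules. The function names and the sample rules are constructed for illustration, and it assumes the v2 rule syntax where actions appear in a quoted, comma-separated list.

```python
import re

# Matches the action and its alias, e.g. "sanitiseArg:password" or "sanitizeArg:token".
# Case-insensitive matching is a conservative choice for this check.
ACTION_RE = re.compile(r"\bsaniti[sz]eArg\s*:\s*'?([^,'\"\s]+)", re.IGNORECASE)
DIRECTIVE_RE = re.compile(r"^\s*(SecRule|SecAction|SecDefaultAction)\b", re.IGNORECASE)
ID_RE = re.compile(r"\bid\s*:\s*'?(\d+)")


def logical_lines(text):
    """Yield (start_line_no, joined_text) with backslash continuations merged."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(stripped)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)


def find_affected_rules(text):
    """Return [(line_no, rule_id_or_None, [argument names])] for rules using the action."""
    hits = []
    for no, line in logical_lines(text):
        if line.lstrip().startswith("#") or not DIRECTIVE_RE.match(line):
            continue
        args = ACTION_RE.findall(line)
        if args:
            m = ID_RE.search(line)
            hits.append((no, m.group(1) if m else None, args))
    return hits

# Constructed sample configuration (not taken from any real rule set).
SAMPLE = '''\
SecRule ARGS_NAMES "@rx ^pass" \\
    "id:1001,phase:2,pass,nolog,sanitiseArg:password"
# SecAction "id:1002,phase:1,pass,sanitizeArg:old"
SecRule REQUEST_URI "@beginsWith /login" "id:1003,phase:2,pass,sanitizeArg:token"
SecRule ARGS "@contains test" "id:1004,phase:2,deny,status:403"
'''

if __name__ == "__main__":
    for no, rule_id, args in find_affected_rules(SAMPLE):
        print(f"line {no}: rule id {rule_id} uses sanitiseArg/sanitizeArg on {args}")
```

Run `find_affected_rules` over the contents of each included rule file; any hit on a deployment older than 2.9.10 is a rule to disable or rewrite until the upgrade is in place.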
Weakness Type (CWE)
CWE-1050: Excessive Platform Resource Consumption within a Loop
Top Fix

Upgrade Version
Upgrade to version v2.9.10 (https://github.com/owasp-modsecurity/ModSecurity.git)
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |