CVE-2025-48976

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-48976
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12 Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/06/16/4 Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html
https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m2-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m3:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m3-rc1:*:*:*:*:*:*
History

03 Nov 2025, 20:19

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html -
  • () https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html -
Information

Published : 2025-06-16 15:15

Updated : 2025-11-03 20:19

NVD link : CVE-2025-48976

Mitre link : CVE-2025-48976

CVE.ORG link : CVE-2025-48976

JSON object : View

Products Affected

apache

  • commons_fileupload
CWE
CWE-770

Allocation of Resources Without Limits or Throttling