- Description
- Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-401
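
The failure mode in the description, reduced to plain Node.js streams as an added example (not Multer's code and not the 2.0.0 patch). `makeParser` and `makeFailingRequest` are hypothetical stand-ins for the internal `busboy` stream and the HTTP request; the block contrasts `.pipe()`, which leaves the destination open when the source errors, with `stream.pipeline()`, which destroys it.

```javascript
// Added illustration, not Multer's source. makeParser/makeFailingRequest are
// hypothetical stand-ins for the busboy stream and the HTTP request stream.
const { Readable, Writable, pipeline } = require('stream');

// Stand-in for the multipart parser: a Writable that stays allocated until destroyed.
function makeParser() {
  return new Writable({ write(chunk, _enc, cb) { cb(); } });
}

// Stand-in for a request whose body fails mid-upload (constructed input).
function makeFailingRequest() {
  const req = new Readable({ read() {} });
  req.push('--boundary\r\n'); // constructed partial multipart body
  setImmediate(() => req.destroy(new Error('aborted')));
  return req;
}

// Pattern 1: plain pipe(). A source error does not close the destination.
function withPipe() {
  return new Promise((resolve) => {
    const req = makeFailingRequest();
    const parser = makeParser();
    req.on('error', () => {}); // handled here; pipe() itself does not forward it
    req.pipe(parser);
    // Check one tick after the request has fully closed.
    req.on('close', () => setImmediate(() => resolve(parser.destroyed)));
  });
}

// Pattern 2: pipeline(). Every stream is destroyed when any of them fails.
function withPipeline() {
  return new Promise((resolve) => {
    const req = makeFailingRequest();
    const parser = makeParser();
    pipeline(req, parser, (err) => {
      resolve({ error: err && err.message, destroyed: parser.destroyed });
    });
  });
}

async function runDemo() {
  return { pipe: await withPipe(), pipeline: await withPipeline() };
}

runDemo().then((result) => console.log(result));
```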
CVE-2025-47935 Node.js Multer Middleware Resource Exhaustion and Memory Leak Vulnerability https://t.co/XfPPPw4nlV
@VulmonFeeds
20 May 2025
CVE-2025-47935 Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improp… https://t.co/FqGtto8JFg
@CVEnew
19 May 2025
🔐 Multer@2.0.0 is out with critical security fixes: • CVE-2025-47935 – DoS via memory leak from unclosed streams • CVE-2025-47944 – DoS via crash from malformed multipart requests • Dropped support for Node <10.16.0 Upgrade now → https://t.co/TNxvnz2dmd
@kom_256
19 May 2025