AI description
CVE-2025-48976 is a denial-of-service (DoS) vulnerability affecting the Apache Commons FileUpload library. The vulnerability stems from insufficient limits on resource allocation for multipart headers. A remote attacker could exploit this vulnerability by sending a specially crafted request with an excessively large number of multipart headers. This can lead to uncontrolled memory consumption within applications using the library, potentially exhausting system resources and causing a denial of service. The issue affects Apache Commons FileUpload versions from 1.0 before 1.6, and from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4 to mitigate the vulnerability.
- Description: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
- Source: security@apache.org
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-770
- Hype score: Not currently trending
⚠️Apache Tomcat vulnerabilities ❗CVE-2025-49124 ❗CVE-2025-48976 ❗CVE-2025-48988 ❗CVE-2025-49125 ➡️More info: https://t.co/7eAROdxPbW https://t.co/ARhqdX4TGr
@CERTpy
19 Jun 2025
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48976, -988, -49125: Multiple vulns in Apache Tomcat, 7.5 rating❗️ Vulns in Apache Tomcat allow an attacker to perform DoS and get resources through insecure path. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/NEVLdmshbP #cybersecurity #vulnerability_
@Netlas_io
18 Jun 2025
751 Impressions
3 Retweets
13 Likes
3 Bookmarks
0 Replies
0 Quotes
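On June 16, 2025, multiple critical vulnerabilities were reported in Apache Tomcat. CVE-2025-48976 and CVE-2025-48988 enable high-severity DoS attacks, while CVE-2025-49124 and CVE-2025-49125 carry a risk of authentication bypass or privilege escalation. The affected range is from Tomcat 9.0.x to 1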
@yousukezan
17 Jun 2025
9081 Impressions
27 Retweets
85 Likes
36 Bookmarks
0 Replies
4 Quotes
Multiple vulnerabilities fixed in Apache Tomcat: two DoS issues (CVE-2025-48976, CVE-2025-48988), side-loading in the Windows installer (CVE-2025-49124), and a security constraint bypass in Pre/PostResources (CVE-2025-49125). https://t.co/3DJG9PvXp6
@__kokumoto
17 Jun 2025
1198 Impressions
2 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-48976: Apache Commons FileUpload: DoS via part headers https://t.co/MrRmywUj19 Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability
@oss_security
17 Jun 2025
336 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Apache Tomcat patched four vulnerabilities (CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125) affecting versions 9.0, 10.1, and 11.0, ranging from DoS to privilege bypass. Update immediately. #ApacheTomcat #Vulnerability https://t.co/lNt1FXhZtO
@the_yellow_fall
17 Jun 2025
178 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48976 Denial of Service Vulnerability in Apache Commons FileUpload Versions 1.0-1.5 and 2.0.0-M1-M3 https://t.co/cs9V1d7XGl
@VulmonFeeds
16 Jun 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48976 Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons Fi… https://t.co/wQyRvCvL9E
@CVEnew
16 Jun 2025
352 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Heads up CVE watchers! We just published CVE-2025-48976: Apache Commons FileUpload: DoS via part headers. Pick up version 1.6.0 or 2.0.0-M4 https://t.co/OnoNtxXRpg #cve #apache #security
@GaryGregory
16 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20D93D43-A57F-4C1E-82AC-EB50648742EE",
            "versionEndExcluding": "1.6",
            "versionStartIncluding": "1.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m1-rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB892667-4AF8-41C6-9F40-D800CA16A8C6"
          },
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AE1594A-1C38-461E-B949-76A0C24A3C7F"
          },
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m2-rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "827AA598-1A62-4529-A7C7-37EB9D56BE6A"
          },
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA5C9AC9-56E6-4864-9965-827C93755F8B"
          },
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m3-rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2395D9D-DEF6-4CC7-87F9-6D8FC9DCEE74"
          },
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36A58019-F9C1-4CDA-A771-3B0A33ED990F"
          },
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m4-rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E85A6BEC-61C6-41DB-BD28-5017CEE2EFEA"
          },
          {
            "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "331C64B9-376A-4E74-91BD-F08ECDDED312"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]