- Description
- Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-248
- Hype score
- Not currently trending
CVE-2025-48997 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows a… https://t.co/I0jjk0tUYK
@CVEnew
3 Jun 2025
290 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-48997: HIGH] Vulnerability in Multer middleware (v1.4.4-lts.1 to v2.0.0) allows DoS via empty string field name in upload request. Upgrade to v2.0.1 for patch against issue.#cve,CVE-2025-48997,#cybersecurity https://t.co/znCOeVI8o2 https://t.co/a6QhKkfZQq
@CveFindCom
3 Jun 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 High-severity security fix in Multer@2.0.1 just released! - Patches CVE-2025-48997 — a crash triggered by empty field names in multipart uploads - All users should upgrade immediately: npm i multer@latest https://t.co/FTDWc8RYqg
@kom_256
3 Jun 2025
1267 Impressions
2 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes