CVE-2025-48976

Published Unknown

CVSS Score

V3.1: 0.0/10 (Not Available)
Base Score Metrics: Exploitability: N/A, Impact: N/A

EPSS Score

v2025.03.14: 0.001 probability of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.163
Higher than 16.3% of all CVEs

Attack Vector Metrics

Attack Vector: Not Available
Attack Complexity: Not Available
Privileges Required: Not Available
User Interaction: Not Available
Scope: Not Available

Impact Metrics

Confidentiality: Not Available
Integrity: Not Available
Availability: Not Available

Description

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Available Exploits

No exploits available for this CVE.

Related News

F5 Products Denial of Service Vulnerability

A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system. Note: No patch is currently available for CVE-2025-48976 of the affected products. Hence, the…

Hkcert.org 2025-07-18 01:00

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

Not EU Coordinated

Exploitation Status

No Known Exploitation

ENISA Analysis

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Affected Products (ENISA)

apache software foundation
apache commons fileupload

ENISA Scoring

EPSS Score: 0.060 probability

Data provided by ENISA EU Vulnerability Database. Last updated: June 16, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

GHSA-vv7r-c36w-3prj

Advisory Details

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Affected Packages

Maven commons-fileupload:commons-fileupload
ECOSYSTEM: ≥1.0 <1.6.0
Maven org.apache.commons:commons-fileupload2-core
ECOSYSTEM: ≥2.0.0-M1 <2.0.0-M4

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Advisory provided by GitHub Security Advisory Database. Published: June 16, 2025, Modified: July 9, 2025

Published: Unknown
Last Modified: Unknown