INFSA-2025:12838: mod_security security update
Information about definition
Identifier: INFSA-2025:12838
Type: security
Release date: 2025-08-13 13:24:27 UTC
Information about package
ModSecurity is an open source intrusion detection and prevention engine for web applications.
Vulnerabilities description
- CVE-2025-48866
A denial of service flaw was found in ModSecurity. The sanitiseArg/sanitizeArg function can be overloaded with a large number of arguments, which leads to excessive memory usage when processing JSON values. This may lead to a denial of service in the affected web server should memory limits be exceeded.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-48866 | no information | 5.9 | no information |
Updated packages