CVE-2025-48866

HIGH
Published Jun 2, 2025 Modified Jul 2, 2025 CWE-1050

Description

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-1050 CWE-1050

Affected Products

Vendor Product
owasp modsecurity

References

Frequently Asked Questions

What is CVE-2025-48866? +
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action. It has a CVSS v3.1 base score of 7.5 (HIGH).
How severe is CVE-2025-48866? +
CVE-2025-48866 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-48866? +
CVE-2025-48866 affects products from owasp, specifically: modsecurity. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-48866? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-47947 7.5

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to …
CVE-2024-4068 7.5

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could …
CVE-2025-32907 5.3

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This …
CVE-2025-66022 9.6

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension …
CVE-2023-48171 8.8

An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
CVE-2024-1019 8.6

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-48866 — free, no signup required.

Start Free Scan