CVE-2025-47935

Name of the Vulnerable Software and Affected Versions: Multer versions prior to 2.0.0

Description: The issue is related to improper stream handling in Multer, a node.js middleware for handling multipart/form-data. This leads to a resource exhaustion and memory leak issue when the HTTP request stream emits an error, as the internal busboy stream is not closed. As a result, unclosed streams accumulate over time, consuming memory and file descriptors, which can cause denial of service under sustained or repeated failure conditions. All users of Multer handling file uploads are potentially impacted.

Recommendations: For versions prior to 2.0.0, upgrade to 2.0.0 to receive a patch. As a temporary workaround, consider restricting the use of Multer for handling file uploads until the issue is resolved.