PT-2025-22442

Studersi · Published 2025-05-21 · Updated 2025-07-01 · CVE-2025-47947

CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: ModSecurity versions up to and including 2.9.8

Description: ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. The issue arises when the payload's content type is application/json and at least one rule performs the sanitiseMatchedBytes action, leading to a denial of service.

Recommendations: For versions up to and including 2.9.8, update to version 2.9.9, which is expected to include the patch available at pull request 3389. As a temporary workaround, consider disabling rules that perform the sanitiseMatchedBytes action when the payload's content type is application/json until the patch is available.
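One way to express the temporary workaround above as ModSecurity v2 configuration, added here as an example rather than text from this advisory or the ModSecurity project: a phase 1 rule inspects the request Content-Type header and, for application/json bodies, removes the local rules that use sanitiseMatchedBytes before the body is processed. The rule ID 100001 and the removed IDs 200500 and 200501-200510 are placeholders assumed for illustration; they stand in for whichever rules in your own policy carry the sanitiseMatchedBytes action.

```apache
# Added example (not from the advisory or the ModSecurity project):
# temporary workaround for CVE-2025-47947 on ModSecurity 2.x.
# All rule IDs below are placeholders; replace 200500 and 200501-200510
# with the IDs of your own rules that use the sanitiseMatchedBytes action.

# Phase 1 evaluates request headers before the request body is parsed, so
# the affected rules are removed for this transaction before any of them
# could act on the JSON payload. The (?i) flag keeps the match case-insensitive
# and the prefix match also covers values such as "application/json; charset=utf-8".
SecRule REQUEST_HEADERS:Content-Type "@rx (?i)^application/json" \
    "id:100001,\
    phase:1,\
    pass,\
    nolog,\
    msg:'CVE-2025-47947 workaround: skip sanitiseMatchedBytes rules for JSON bodies',\
    ctl:ruleRemoveById=200500,\
    ctl:ruleRemoveById=200501-200510"
```

Place this rule before the rules it removes so the ctl actions take effect in the same transaction. If the affected rules share a tag, ctl:ruleRemoveByTag can replace the ID list. The workaround only narrows exposure for JSON requests; removing the rules means their sanitisation of audit-log data no longer happens for those requests, so it should be reverted once 2.9.9 is deployed.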

Exploit · Fix · DoS

Related Identifiers

ALSA-2025:8837
ALSA-2025:8844
AZL-62426
BDU:2025-06207
BIT-MODSECURITY-2025-47947
BIT-MODSECURITY2-2025-47947
CESA-2025_8844
CVE-2025-47947
DLA-4192-1
DSA-5940-1
GHSA-859R-VVV8-RM8R
INFSA-2025_8837
INFSA-2025_8844
MGASA-2025-0192
OESA-2025-1559
OESA-2025-1560
OESA-2025-1561
OESA-2025-1562
OESA-2025-1563
OPENSUSE-SU-2025:15197-1
RHSA-2025:13680
RHSA-2025:8605
RHSA-2025:8626
RHSA-2025:8627
RHSA-2025:8674
RHSA-2025:8837
RHSA-2025:8844
RHSA-2025:8917
RHSA-2025:8922
RHSA-2025:8937
RHSA-2025_8837
RHSA-2025_8844
SUSE-SU-2025:02028-1
SUSE-SU-2025:02029-1
SUSE-SU-2025:02052-1
SUSE-SU-2025_02028-1
SUSE-SU-2025_02029-1
SUSE-SU-2025_02052-1
USN-7567-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Modsecurity
Red Hat
Rocky Linux
Suse
Ubuntu