PT-2025-23533

Airween · Published 2025-05-11 · Updated 2025-08-08 · CVE-2025-48866

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.9.10

Description: The issue is a denial of service vulnerability. It affects the sanitiseArg action (and its alias sanitizeArg), which can be made to add an excessive number of arguments, leading to denial of service.

Recommendations: For versions prior to 2.9.10, update to version 2.9.10 to resolve the issue. As a temporary workaround, avoid using rules that contain the sanitiseArg (or sanitizeArg) action.

Vulnerability type: DoS

Related Identifiers

AZL-62229
AZL-62231
BDU:2025-06497
BIT-MODSECURITY-2025-48866
BIT-MODSECURITY2-2025-48866
CVE-2025-48866
DLA-4212-1
DSA-5940-1
GHSA-859R-VVV8-RM8R
GHSA-F82J-8PP7-CW2W
INFSA-2025_12838
MGASA-2025-0192
OESA-2025-1676
OESA-2025-1750
OPENSUSE-SU-2025:15197-1
RHSA-2025:12838
RHSA-2025:13670
RHSA-2025:13716
RHSA-2025:13775
RHSA-2025_12838
SUSE-SU-2025:02028-1
SUSE-SU-2025:02029-1
SUSE-SU-2025:02052-1
SUSE-SU-2025_02028-1
SUSE-SU-2025_02029-1
SUSE-SU-2025_02052-1
USN-7567-1

Affected Products

Astra Linux
Debian
Linuxmint
Modsecurity
Red Hat
Rocky Linux
Suse
Ubuntu