PT-2025-23654 · Multer · Multer
Dvtradeling · Published 2025-06-03 · Updated 2026-06-04 · CVE-2025-48997
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Multer versions 1.4.4-lts.1 through 2.0.0
Description
A Denial of Service (DoS) issue allows an attacker to crash the process by sending a file upload request with an empty string as the field name, which causes an unhandled exception.
Recommendations
For Multer versions 1.4.4-lts.1 through 2.0.0, upgrade to version 2.0.1 to receive a patch.
Exploit
Fix
DoS
Affected Products
Multer