PT-2025-32001 · Apache+5

Orangetw · Published 2025-08-05 · Updated 2025-10-09 · CVE-2025-54571

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: ModSecurity versions 2.9.11 and below

Description: ModSecurity is a web application firewall engine for Apache, IIS, and Nginx. An attacker can override the HTTP response's Content-Type, potentially leading to issues such as cross-site scripting (XSS) and arbitrary script source code disclosure.

Recommendations: Update to version 2.9.12 or later.

Exploit

Fix

XSS

Unchecked Return Value

Weakness Enumeration

Related Identifiers

AZL-66087
AZL-66111
BIT-MODSECURITY-2025-54571
BIT-MODSECURITY2-2025-54571
CVE-2025-54571
DLA-4294-1
GHSA-CG44-9M43-3F9V
OESA-2025-2012
OESA-2025-2013
OESA-2025-2014
OESA-2025-2015
OESA-2025-2016
OESA-2025-2062
OPENSUSE-SU-2025:15456-1
SUSE-SU-2025:03422-1
SUSE-SU-2025:03423-1
SUSE-SU-2025_03422-1
SUSE-SU-2025_03423-1

Affected Products

Apache
Debian
IIS
ModSecurity
Nginx
SUSE