PT-2025-7910 · Unknown · Libmodsecurity

Theseion

Published

2025-02-13

Updated

2025-03-31

CVE-2025-27110

CVSS v4.0

7.9

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions Libmodsecurity version 3.0.13

Description A bug exists in Libmodsecurity3 that prevents it from decoding encoded HTML entities containing leading zeroes. This issue does not have any known workarounds.

Recommendations For version 3.0.13, update to version 3.0.14 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-172

Related Identifiers

BDU:2025-02209

BIT-MODSECURITY-2025-27110

BIT-MODSECURITY2-2025-27110

CVE-2025-27110

GHSA-42W7-RMV5-4X2J

OPENSUSE-SU-2025:14946-1

Affected Products

Libmodsecurity

PT-2025-7910 · Unknown · Libmodsecurity

CVE-2025-27110

Weakness Enumeration

Related Identifiers

Affected Products

References · 23