CVE-2025-27110
Published: 2025-02-25
Priority: P3 (43) · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.44% (35.4th percentile)
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contain leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.
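To make the impact concrete, the following is an added Python model of the decode-then-match pipeline that a rule such as `SecRule ARGS "@rx <script" "t:htmlEntityDecode,deny"` performs. It is not libmodsecurity's code and not from this page: the two decoders are reconstructions of the behaviour the advisory describes (one that treats leading zeroes in a numeric character reference as insignificant, and one that leaves such references undecoded, which is what the 3.0.13 symptom looks like from outside), the rule layout is an assumption, and the payloads are constructed. Browsers decode `&#0060;` as `<` whatever the number of leading zeroes, so a request the buggy decoder cannot normalise still renders as markup at the client; that gap is the filter bypass Red Hat's text refers to.

```python
import html
import re

# Decimal (&#60; &#0060;) or hexadecimal (&#x3C; &#x003C;) numeric character reference.
# group(1) = hex digits, group(2) = decimal digits.
NUMERIC_REF = re.compile(r"&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));")

# The operator a rule would apply after the t:htmlEntityDecode transformation (assumed rule).
SIGNATURE = re.compile(r"<script", re.IGNORECASE)

# Constructed sample payloads: plain, entity-encoded, and entity-encoded with leading zeroes.
SAMPLE_PAYLOADS = [
    "<script>alert(1)</script>",
    "&#60;script&#62;alert(1)&#60;/script&#62;",
    "&#x3C;script&#x3E;alert(1)&#x3C;/script&#x3E;",
    "&#0060;script&#0062;alert(1)&#0060;/script&#0062;",
    "&#x003C;script&#x003E;alert(1)&#x003C;/script&#x003E;",
]


def _codepoint(m: re.Match) -> int:
    hexdigits, decdigits = m.group(1), m.group(2)
    return int(hexdigits, 16) if hexdigits is not None else int(decdigits, 10)


def decode_entities_fixed(text: str) -> str:
    """Model of correct numeric-entity decoding (the behaviour the 3.0.14 fix is
    described as restoring): leading zeroes in the digit run are insignificant."""
    def repl(m: re.Match) -> str:
        cp = _codepoint(m)
        return chr(cp) if cp <= 0x10FFFF else m.group(0)  # out of range: leave untouched
    return NUMERIC_REF.sub(repl, text)


def decode_entities_3013(text: str) -> str:
    """Hypothetical model of the 3.0.13 symptom: a numeric reference whose digit run
    starts with '0' is left undecoded. Reconstructed from the CVE text, not real code."""
    def repl(m: re.Match) -> str:
        digits = m.group(1) if m.group(1) is not None else m.group(2)
        if len(digits) > 1 and digits[0] == "0":
            return m.group(0)  # the described failure: entity survives the transformation
        cp = _codepoint(m)
        return chr(cp) if cp <= 0x10FFFF else m.group(0)
    return NUMERIC_REF.sub(repl, text)


def is_blocked(decoder, payload: str) -> bool:
    """Transformation first, operator second: true if the rule would fire."""
    return SIGNATURE.search(decoder(payload)) is not None


def browser_sees(payload: str) -> str:
    """What the client renders; html.unescape follows the HTML spec and ignores leading zeroes."""
    return html.unescape(payload)


def bypass_report(payloads) -> list:
    """Per payload: verdict of the fixed and the 3.0.13-style pipeline, and the rendered text."""
    return [
        {
            "payload": p,
            "blocked_fixed": is_blocked(decode_entities_fixed, p),
            "blocked_3013": is_blocked(decode_entities_3013, p),
            "browser": browser_sees(p),
        }
        for p in payloads
    ]


if __name__ == "__main__":
    for row in bypass_report(SAMPLE_PAYLOADS):
        print(f"{row['payload']:<55} fixed={row['blocked_fixed']!s:<5} "
              f"3.0.13={row['blocked_3013']!s:<5} browser={row['browser']}")
```

The two leading-zero payloads are the ones that slip past the 3.0.13-style pipeline while still rendering as `<script>` in the browser model; the same payloads without leading zeroes are caught by both. If you want to confirm the behaviour of a real deployment rather than this model, send the leading-zero variants against a test rule with `t:htmlEntityDecode` before and after upgrading to 3.0.14.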
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | modsecurity | < modsecurity 3.0.14-1 (forky) | modsecurity 3.0.14-1 (forky) |
| owasp-modsecurity | modsecurity | — | — |
| trustwave | modsecurity | — | — |
| trustwave | modsecurity | >= 0 < 3.0.14-1 | 3.0.14-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | 4.0 | 7.9 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 7.9 | HIGH | — |
| vendor_debian | — | 7.9 | LOW | — |
| vendor_redhat | — | 7.9 | HIGH | — |
OSV
CVE-2025-27110: Libmodsecurity is one component of the ModSecurity v3 project
osv · 2025-02-25 · CVSS 7.9 · HIGH
Red Hat
mod_security: Libmodsecurity3 has possible bypass of encoded HTML entities
vendor_redhat · 2025-02-25 · CVSS 7.9 · HIGH · CWE-172
A flaw was found in the libmodsecurity3 component of the ModSecurity project. Due to an error in handling encoding, ModSecurity cannot decode HTML entities if they contain leading zeroes. This issue may allow malicious payloads to pass through security filters in configurations relying on
Debian
CVE-2025-27110: modsecurity - Libmodsecurity is one component of the ModSecurity v3 project. The library codeb...
vendor_debian · 2025 · CVSS 7.9 · HIGH
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 3.0.14-1)
sid: resolved (fixed in 3.0.14-1)
trixie: resolved (fixed in 3.0.14-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-02-25