CVE-2025-48866 — Excessive Platform Resource Consumption within a Loop in Modsecurity

CWE-1050 — Excessive Platform Resource Consumption within a Loop7 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owasp-modsecurity Modsecurity Owasp Modsecurity

Timeline

PublishedJun 2

Latest updateJun 13

Description

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDowasp/modsecurity< 2.9.10

▶CVEListV5owasp-modsecurity/modsecurity< 2.9.10

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

modsecurity-apache vulnerabilities↗2025-06-13

▶

OSV

CVE-2025-48866: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx↗2025-06-02

▶

CVEList

ModSecurity has possible DoS vulnerability in sanitiseArg action↗2025-06-02

▶

📋Vendor Advisories

Ubuntu

ModSecurity vulnerabilities↗2025-06-13

▶

Red Hat

mod_security: ModSecurity Denial of Service Vulnerability↗2025-06-02

▶

Debian

CVE-2025-48866: modsecurity-apache - ModSecurity is an open source, cross platform web application firewall (WAF) eng...↗2025

▶