CVE-2025-54571
Published 2025-08-06
Priority: P4 · 27 · medium · CVSS 3.1 base score 6.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.26% (17.6th percentile)
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | modsecurity-apache | < modsecurity-apache 2.9.7-1+deb12u2 (bookworm) | modsecurity-apache 2.9.7-1+deb12u2 (bookworm) |
| owasp-modsecurity | modsecurity | < 2.9.12 | 2.9.12 |
| owasp | modsecurity | >= 2.0.0 < 2.9.12 | 2.9.12 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | | 6.9 | MEDIUM | |
| vendor_debian | | 6.9 | MEDIUM | |
| vendor_redhat | | 6.9 | MEDIUM | |
| vendor_oracle | | 6.1 | MEDIUM | |
Oracle
Oracle Communications Risk Matrix: Core (ModSecurity) — CVE-2025-54571
vendor_oracle · 2026-01-15 · CVSS 6.1 [MEDIUM]
CVE: CVE-2025-54571
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2026 (JAN 2026)
Red Hat
mod_security: ModSecurity Content-Type Override Vulnerability
vendor_redhat · 2025-08-05 · CVSS 6.9 [MEDIUM] · CWE-252
A flaw was found in mod_security. The engine may allow attackers to manipulate the HTTP response’s Content-Type header, enabling them to influence downstream processes or applications. This manipulation can be achieved remotely without authentication. Consequently, an attacker can alter th
Debian
modsecurity-apache — CVE-2025-54571
vendor_debian · 2025 · CVSS 6.9 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 2.9.7-1+deb12u2)
bullseye: resolved (fixed in 2.9.3-3+deb11u5)
forky: resolved (fixed in 2.9.12-2)
sid: resolved (fixed in 2.9.12-2)
trixie: resolved (fixed in 2.9.11-1+deb13u1)
OSV
CVE-2025-54571 (ModSecurity)
osv · 2025-08-06 · CVSS 6.9 [MEDIUM]
No detection rules found.
No public exploits indexed.
References
https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8
https://github.com/owasp-modsecurity/ModSecurity/issues/2514
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v
https://lists.debian.org/debian-lts-announce/2025/09/msg00008.html
Published: 2025-08-06