CVE-2025-54571 — Unchecked Return Value in Modsecurity

CWE-252 — Unchecked Return Value CWE-79 — Cross-site Scripting6 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 81.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owasp-modsecurity Modsecurity Owasp Modsecurity

Timeline

PublishedAug 6

Latest updateJan 15

Description

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDowasp/modsecurity2.0.0 — 2.9.12

▶CVEListV5owasp-modsecurity/modsecurity< 2.9.12

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-54571: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx↗2025-08-06

▶

CVEList

ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure↗2025-08-05

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Core (ModSecurity) — CVE-2025-54571↗2026-01-15

▶

Red Hat

mod_security: ModSecurity Content-Type Override Vulnerability↗2025-08-05

▶

Debian

CVE-2025-54571: modsecurity-apache - ModSecurity is an open source, cross platform web application firewall (WAF) eng...↗2025

▶