CVE-2025-48976

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-48976
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
CVSS

No CVSS.

References
Link Resource
http://www.openwall.com/lists/oss-security/2025/06/16/4 Mailing List Third Party Advisory
https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12 Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m2-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m3:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m3-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m1:*:*:*:*:*:*
History

15 Jul 2025, 14:21

Type Values Removed Values Added
CPE cpe:2.3:a:apache:commons_fileupload:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m4-rc1:*:*:*:*:*:*		 cpe:2.3:a:apache:commons_fileupload:2.0.0:m1:*:*:*:*:*:*

15 Jul 2025, 13:40

Type Values Removed Values Added
CPE cpe:2.3:a:apache:commons_fileupload:2.0.0:m4:*:*:*:*:*:*

02 Jul 2025, 18:29

Type Values Removed Values Added
References () https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12 - () https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12 - Mailing List, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2025/06/16/4 - () http://www.openwall.com/lists/oss-security/2025/06/16/4 - Mailing List, Third Party Advisory
CPE cpe:2.3:a:apache:commons_fileupload:2.0.0:m3:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m3-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m2-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m4-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:commons_fileupload:2.0.0:m4:*:*:*:*:*:*
First Time Apache commons Fileupload
Apache

16 Jun 2025, 20:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/06/16/4 -

16 Jun 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-16 15:15

Updated : 2025-07-15 14:21

NVD link : CVE-2025-48976

Mitre link : CVE-2025-48976

JSON object : View

Products Affected

apache

  • commons_fileupload
CWE

No CWE.