Web Traffic Processing Vulnerability in Libmodsecurity by ModSecurity
CVE-2025-27110
7.9 HIGH
Key Information:
- Vendor: Owasp-modsecurity
- Status: Modsecurity
- Vendor
- CVE Published: 25 February 2025
Summary
Libmodsecurity3, part of the ModSecurity v3 project, contains a vulnerability in version 3.0.13: the library fails to decode encoded HTML entities that contain leading zeroes. This affects how web traffic is processed and compromises the library's functionality. The issue is resolved in version 3.0.14, and users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected Version(s)
ModSecurity = 3.0.13
CVSS V4
- Score: 7.9
- Severity: HIGH
- Confidentiality: None
- Integrity: None
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Attack Required: None
- Privileges Required: Undefined
- User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved