Denial of Service Vulnerability in Middleware by RS
CVE-2025-47908
Currently unrated
What is CVE-2025-47908?
A flaw in how RS Middleware (github.com/rs/cors) handles malicious preflight requests lets an attacker cause a denial of service. When the middleware processes an Access-Control-Request-Headers (ACRH) header that contains an excessive number of commas, it performs excessive heap allocations. An attacker can use this behavior to generate significant load on the server, which can disrupt the service and make it unavailable to legitimate users.
Affected Version(s)
github.com/rs/cors 1.9.0 < 1.11.0