Denial of Service Vulnerability in Middleware by RS
CVE-2025-47908

7.5HIGH

Key Information:

Vendor: Github.com/rs/cors
Status: Github.com/rs/cors
Vendor: CVE Published:; 6 August 2025

🔔 Create Github.com/rs/cors Vulnerability Alert

What is CVE-2025-47908?

A vulnerability in RS Middleware allows attackers to exploit a flaw in the handling of malicious preflight requests. When an Access-Control-Request-Headers (ACRH) header with excessive commas is processed, it leads to excessive heap allocations. This behavior can be manipulated to generate significant load on the server, resulting in potential service disruptions and unavailability for legitimate users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

github.com/rs/cors 1.9.0 < 1.11.0

References

https://github.com/rs/cors/pull/171

https://github.com/rs/cors/issues/170

https://pkg.go.dev/vuln/GO-2024-2883

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
May 13, 2025

Credit

@jub0bs

JSON

Github.com/rs/cors

What is CVE-2025-47908?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.