Resource Exhaustion Vulnerability in Multer Node.js Middleware
CVE-2025-47935
What is CVE-2025-47935?
Multer, a middleware for Node.js used for handling multipart form data, contains a resource exhaustion and memory leak vulnerability in versions prior to 2.0.0. This vulnerability arises from improper handling of HTTP request streams when an error is emitted. The internal busboy stream is not closed, leading to unclosed streams that consume increasing amounts of memory and file descriptors over time. Under conditions of sustained or repeated failures, this exposure can result in a denial of service, necessitating manual server restarts for recovery. Users should upgrade to version 2.0.0 or later to mitigate this issue, as no known workarounds are available.

Affected Version(s)
multer < 2.0.0
Timeline
First article discovered by The Cyber Express
Vulnerability published
Vulnerability Reserved
