DoS Vulnerability in Apache Commons FileUpload by Apache
CVE-2025-48976

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Commons Fileupload
Vendor: CVE Published:; 16 June 2025

What is CVE-2025-48976?

A resource allocation issue related to multipart headers has been identified in Apache Commons FileUpload, allowing for a Denial of Service (DoS) attack. This vulnerability can lead to service disruptions by consuming server resources excessively. Affected versions include Commons FileUpload from 1.0 before 1.6 and 2.0.0-M1 before 2.0.0-M4. Users are strongly advised to upgrade to the fixed versions 1.6 or 2.0.0-M4 to mitigate this risk.

Affected Version(s)

Apache Commons FileUpload 1.0 < 1.6

Apache Commons FileUpload 2.0.0-M1 < 2.0.0-M4

References

https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2025
Vulnerability Reserved
May 29, 2025

Credit

TERASOLUNA Framework Security Team of NTT DATA Group Corporation