DoS Vulnerability in Apache Commons FileUpload by Apache
CVE-2025-48976
7.5HIGH
What is CVE-2025-48976?
A resource allocation issue related to multipart headers has been identified in Apache Commons FileUpload, allowing for a Denial of Service (DoS) attack. This vulnerability can lead to service disruptions by consuming server resources excessively. Affected versions include Commons FileUpload from 1.0 before 1.6 and 2.0.0-M1 before 2.0.0-M4. Users are strongly advised to upgrade to the fixed versions 1.6 or 2.0.0-M4 to mitigate this risk.
Affected Version(s)
Apache Commons FileUpload 1.0 < 1.6
Apache Commons FileUpload 2.0.0-M1 < 2.0.0-M4
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
TERASOLUNA Framework Security Team of NTT DATA Group Corporation