Vulnerability Details CVE-2025-48976
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.
This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.
Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.4%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-48976
-
cpe:2.3:a:apache:commons_fileupload:1.0
-
cpe:2.3:a:apache:commons_fileupload:1.1
-
cpe:2.3:a:apache:commons_fileupload:1.1.1
-
cpe:2.3:a:apache:commons_fileupload:1.2
-
cpe:2.3:a:apache:commons_fileupload:1.2.1
-
cpe:2.3:a:apache:commons_fileupload:1.2.2
-
cpe:2.3:a:apache:commons_fileupload:1.3
-
cpe:2.3:a:apache:commons_fileupload:1.3.1
-
cpe:2.3:a:apache:commons_fileupload:1.3.2
-
cpe:2.3:a:apache:commons_fileupload:1.3.3
-
cpe:2.3:a:apache:commons_fileupload:1.4
-
cpe:2.3:a:apache:commons_fileupload:1.5
-
cpe:2.3:a:apache:commons_fileupload:2.0.0