CVE-2025-48976

ADVISORY - github

Summary

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

EPSS Score⁠: 0.63258 (0.991)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-770⁠

Allocation of Resources Without Limits or Throttling

ADVISORY - github

CWE-770⁠

Allocation of Resources Without Limits or Throttling

ADVISORY - redhat

CWE-770⁠

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories

NIST

CREATED

1 year ago

UPDATED

8 months ago

ADVISORY IDCVE-2025-48976⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-770⁠

CVSS SCORE

7.5high

GitHub

CREATED

1 year ago

UPDATED

8 months ago

ADVISORY IDGHSA-vv7r-c36w-3prj⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-770⁠

CVSS SCORE

8.7high

Debian

CREATED

1 year ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-48976⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 year ago

UPDATED

3 months ago

ADVISORY IDCVE-2025-48976⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDALSA-2025:14177⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDALSA-2025:14181⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALAS2-2025-2920⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALAS2023-2025-1064⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

1 year ago

UPDATED

10 months ago

ADVISORY IDALAS2023-2025-1065⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

1 year ago

UPDATED

6 months ago

ADVISORY IDCVE-2025-48976⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-770⁠

CVSS SCORE

5.3medium

Rocky

CREATED

10 months ago

UPDATED

9 months ago

ADVISORY IDRLSA-2025:14177⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY IDRLSA-2025:14178⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY IDRLSA-2025:14179⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Rocky

CREATED

9 months ago

UPDATED

8 months ago

ADVISORY IDRLSA-2025:14181⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDELSA-2025-14177⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDELSA-2025-14178⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDELSA-2025-14179⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDELSA-2025-14181⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-24m3-2cjh-6mxx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY ID

CGA-jwxx-8jj7-h645

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-m664-rwh4-w72w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-xmrq-2g6w-rj66

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

MINI-3fwh-37pf-5p96

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

MINI-fmhp-x964-9h9j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

MINI-m7c4-4p5h-hhvc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

MINI-w78r-7f6p-6fv3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY