CVE-2025-48976

Data: 2025-06-20

Severity: High

CVSS Score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

Riferimenti:

• https://nvd.nist.gov/vuln/detail/CVE-2025-48976

• https://ossindex.sonatype.org/vulnerability/CVE-2025-48976

• https://github.com/advisories/GHSA-vv7r-c36w-3prj

Libreria: commons-fileupload:commons-fileupload < 1.6.0

Descrizione

[CVE-2025-48976] CWE-770: Allocation of Resources Without Limits or Throttling

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

GovWay

Versione affette: <= 3.3.16.p2

Risoluzione: 3.3.17