{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47944", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-14T10:32:43.530Z", "datePublished": "2025-05-19T19:20:45.401Z", "dateUpdated": "2025-05-20T13:13:49.579Z"}, "containers": {"cna": {"title": "Multer vulnerable to Denial of Service from maliciously crafted requests", "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "lang": "en", "description": "CWE-248: Uncaught Exception", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h"}, {"name": "https://github.com/expressjs/multer/issues/1176", "tags": ["x_refsource_MISC"], "url": "https://github.com/expressjs/multer/issues/1176"}, {"name": "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", "tags": ["x_refsource_MISC"], "url": "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665"}], "affected": [{"vendor": "expressjs", "product": "multer", "versions": [{"version": ">=1.4.4-lts.1, <2.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-19T19:20:45.401Z"}, "descriptions": [{"lang": "en", "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available."}], "source": {"advisory": "GHSA-4pg4-qvpc-4q3h", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-20T13:13:42.761276Z", "id": "CVE-2025-47944", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T13:13:49.579Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47944", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-20T13:13:42.761276Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T13:13:45.596Z"}}], "cna": {"title": "Multer vulnerable to Denial of Service from maliciously crafted requests", "source": {"advisory": "GHSA-4pg4-qvpc-4q3h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "expressjs", "product": "multer", "versions": [{"status": "affected", "version": ">=1.4.4-lts.1, <2.0.0"}]}], "references": [{"url": "https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h", "name": "https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/expressjs/multer/issues/1176", "name": "https://github.com/expressjs/multer/issues/1176", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", "name": "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-19T19:20:45.401Z"}}}, "cveMetadata": {"cveId": "CVE-2025-47944", "state": "PUBLISHED", "dateUpdated": "2025-05-20T13:13:49.579Z", "dateReserved": "2025-05-14T10:32:43.530Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-19T19:20:45.401Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available."}, {"lang": "es", "value": "Multer es un middleware de Node.js para gestionar `multipart/form-data`. Una vulnerabilidad presente a partir de la versi\u00f3n 1.4.4-lts.1 y anteriores a la 2.0.0 permite a un atacante activar una denegaci\u00f3n de servicio (DoS) mediante el env\u00edo de una solicitud de carga multiparte malformada. Esta solicitud provoca una excepci\u00f3n no controlada, lo que provoca un bloqueo del proceso. Los usuarios deben actualizar a la versi\u00f3n 2.0.0 para recibir un parche. No se conocen workarounds."}], "id": "CVE-2025-47944", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-19T20:15:26.007", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665"}, {"source": "security-advisories@github.com", "url": "https://github.com/expressjs/multer/issues/1176"}, {"source": "security-advisories@github.com", "url": "https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}