We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-47944

Multer vulnerable to Denial of Service from maliciously crafted requests



Description

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.

Reserved 2025-05-14 | Published 2025-05-19 | Updated 2025-05-20 | Assigner GitHub_M


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-248: Uncaught Exception

Product status

>=1.4.4-lts.1, <2.0.0
affected

References

github.com/...multer/security/advisories/GHSA-4pg4-qvpc-4q3h

github.com/expressjs/multer/issues/1176

github.com/...ommit/2c8505f207d923dd8de13a9f93a4563e59933665

cve.org (CVE-2025-47944)

nvd.nist.gov (CVE-2025-47944)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-47944

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.