We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-48997

Multer vulnerable to Denial of Service via unhandled exception



Description

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.

Reserved 2025-05-29 | Published 2025-06-03 | Updated 2025-06-03 | Assigner GitHub_M


HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-248: Uncaught Exception

Product status

>= 1.4.4-lts.1, < 2.0.1
affected

References

github.com/...multer/security/advisories/GHSA-g5hg-p3ph-g8qg

github.com/expressjs/multer/issues/1233

github.com/expressjs/multer/pull/1256

github.com/...ommit/35a3272b611945155e046dd5cef11088587635e9

cve.org (CVE-2025-48997)

nvd.nist.gov (CVE-2025-48997)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-48997

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.