THREATINT
PUBLISHED

CVE-2025-7338

Multer vulnerable to Denial of Service via unhandled exception from malformed request



Description

Multer is a Node.js middleware for handling `multipart/form-data`. A vulnerability present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multipart upload request. The request causes an unhandled exception, which crashes the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.

Reserved 2025-07-07 | Published 2025-07-17 | Updated 2025-07-17 | Assigner openjs


HIGH: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-248

Product status

Default status: unaffected

1.4.4-lts.1 before 2.0.2: affected

References

github.com/...multer/security/advisories/GHSA-fjgf-rc76-4x9p

github.com/...ommit/adfeaf669f0e7fe953eab191a762164a452d143b

cna.openjsf.org/security-advisories.html

cve.org (CVE-2025-7338)

nvd.nist.gov (CVE-2025-7338)
