VYPR
High severityNVD Advisory· Published Jun 16, 2025· Updated Nov 3, 2025

Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

CVE-2025-48976

Description

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
commons-fileupload:commons-fileuploadMaven
>= 1.0, < 1.6.01.6.0
org.apache.commons:commons-fileupload2-coreMaven
>= 2.0.0-M1, < 2.0.0-M42.0.0-M4

Affected products

62

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.