High severity · OSV Advisory · Published Jun 3, 2025 · Updated Apr 15, 2026
CVE-2025-48997
Description
Multer is a Node.js middleware for handling multipart/form-data. A vulnerability present from version 1.4.4-lts.1 up to, but not including, version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending a file upload request with an empty string as the field name. The request causes an unhandled exception that crashes the process. Users should upgrade to 2.0.1 to receive a patch. No known workarounds are available.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| multer (npm) | >= 1.4.4-lts.1, < 2.0.1 | 2.0.1 |
Affected products (4)
- osv-coords, 3 versions: < 3.12.6-r1 + 2 more
- (no CPE) range: < 3.12.6-r1
- (no CPE) range: < 3.12.6-r1
- (no CPE) range: >= 1.4.4-lts.1, < 2.0.1
References (6)
- github.com/advisories/GHSA-g5hg-p3ph-g8qg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-48997 (ghsa, ADVISORY)
- github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9 (nvd, WEB)
- github.com/expressjs/multer/issues/1233 (nvd, WEB)
- github.com/expressjs/multer/pull/1256 (nvd, WEB)
- github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg (nvd, WEB)