CNNVD-202507-091 Information

CNNVD ID

CNNVD-202507-091

Related CVE

CVE-2025-52891

• CNNVD Published: 2025-07-02

Description (Chinese)

ModSecurity是OWASP ModSecurity开源的一个开源、跨平台的web应用程序防火墙（WAF）引擎。 ModSecurity 2.9.8至2.9.11之前版本存在输入验证错误漏洞，该漏洞源于空XML标签可能导致分段错误。

Description (English)

ModSecurity is an open source of OWASP ModSecurity, a cross-platform web application firewall (WAF) engine. ModSecurity 2.9.8 to 2.9.11 has an input authentication error that originated in an empty XML label that could result in a break error.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

Owl Cyber Defense

Published

2025-07-02

Last Modified

2026-02-24

References

https://github.com/owasp-modsecurity/ModSecurity/commit/ecd7b9736836eee391d25f35d5bd06a3ce35a45d https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-gw9c-4wfm-vj3x https://access.redhat.com/security/cve/cve-2025-52891

Patch

https://github.com/owasp-modsecurity/ModSecurity/releases