CVE-2025-52891 Information

Jul 04, 2025 cve

Description

ModSecurity is an open source cross platform web application firewall (WAF) engine for Apache IIS and Nginx. In versions 2.9.8 to before 2.9.11 an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs and the request type is application/xml and at least one XML tag is empty (eg ) then a segmentation fault occurs. This issue has been patched in version 2.9.11. A workaround involves setting SecParseXmlIntoArgs to Off.

Reference

https://github.com/owasp-modsecurity/ModSecurity/commit/ecd7b9736836eee391d25f35d5bd06a3ce35a45d https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-gw9c-4wfm-vj3x

CNNVD-202507-091 (Published: 2025-07-02)

Share on:

CVE-2025-52891 Information

Description

Reference

Related CNNVD