CVE-2025-48866 – ModSecurity SanitizeArg Denial of Service Vulnerability

June 2, 2025

CVE ID : CVE-2025-48866

Published : June 2, 2025, 4:15 p.m. | 3 hours, 9 minutes ago

Description : ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` – this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48940 – MyBB Local File Inclusion Vulnerability

Next Article CVE-2025-44115 – Cotonti Siena Cross-Site Scripting Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Anthropic researchers say next-generation AI models will reduce humans to “meat robots” in a spectrum of crazy futures

Xbox just quietly added two of the best RPGs of all time to Game Pass

7 reasons The Division 2 is a game you should be playing in 2025

Mastering TypeScript: How Complex Should Your Types Be?

Mastering TypeScript: How Complex Should Your Types Be?

IDMC – CDI Best Practices

PWC-IDMC Migration Gaps

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Anthropic researchers say next-generation AI models will reduce humans to “meat robots” in a spectrum of crazy futures

Xbox just quietly added two of the best RPGs of all time to Game Pass

CVE-2025-48866 – ModSecurity SanitizeArg Denial of Service Vulnerability

CVE-2025-48906 – DSoftBus Authentication Bypass Vulnerability

CVE-2025-48907 – Apache IPC Deserialization Vulnerability

Microsoft confirms limited Microsoft 365 app support on Windows 10 after October 2025

Apple and Duke Researchers Present a Reinforcement Learning Approach That Enables LLMs to Provide Intermediate Answers, Enhancing Speed and Accuracy

The best early Amazon Prime Day 2024 deals

CVE-2025-32756 – Fortinet FortiVoice Buffer Overflow Vulnerability

CVE-2025-30408 – Acronis Cyber Protect Cloud Agent Windows Privilege Escalation

Microsoft is now preparing Windows 11 24H2 for gamers as more upgrade blocks lift

AMD’s “early March” RDNA 4 GPU launch is confirmed, and it could make or break the company’s struggling PC gaming division

MoJ Confirms Massive Data Breach in Legal Aid System Affecting Applicants Since 2010

CVE-2025-48866 – ModSecurity SanitizeArg Denial of Service Vulnerability

Related Posts