CVE-2025-27110

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 25, 2025

Updated: Feb 28, 2025

CWE ID 172

Summary

CVE-2025-27110 is a vulnerability affecting Libmodsecurity version 3.0.13. This component of the ModSecurity v3 project decodes HTML entities for ModSecurity Connectors. The issue lies in the Libmodsecurity3 library's inability to decode entities containing leading zeroes. Version 3.0.14 includes a fix for this vulnerability, and currently, no known workarounds exist.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ModSecurity

Affected Vendors

ModSecurity

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3fmruR
https://www.cve.org/CVERecord?id=CVE-2025-27110
https://nvd.nist.gov/vuln/detail/CVE-2025-27110

Back to Vulnerability Database