A high-severity denial-of-service (DoS) vulnerability (CVE-2025-48866) has been identified in ModSecurity’s Apache module (mod_security2), threatening web application firewall stability. Rated 7.5/10 on the CVSS scale, this flaw enables attackers to crash servers by exploiting argument sanitization logic, with patches now available in version 2.9.10. Sanitisation Logic Flaw The vulnerability stems from ModSecurity’s sanitiseArg action, designed […]

The post New ModSecurity WAF Vulnerability Enables Attackers to Crash Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Anupriya

Source: gbHackers
Source Link: https://gbhackers.com/modsecurity-waf-vulnerability/