CVE-2025-47908

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-47908

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47908.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-47908

Aliases

Downstream

SUSE-SU-2025:3817-1

SUSE-SU-2025:3819-1

SUSE-SU-2025:4457-1

SUSE-SU-2025:4481-1

UBUNTU-CVE-2025-47908

openSUSE-SU-2025:15424-1

Related

Published

2025-08-06T21:15:29.313Z

Modified

2026-03-23T05:01:02.002830294Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47908.json"