CVE Tools
Sign in

CVE-2025-27110

Libmodsecurity3 has possible bypass of encoded HTML entities

Published: Feb 25, 2025Updated: Feb 28, 2025 Sources: CVE List NVD BDUCWE-172
NVD MITRE
7.5CVSSHIGH
EPSS Score
0.4%
Top 64.8%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:HA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:HIntegrity
High
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-172NVD-CWE-noinfo

Affected Products

libModSecurityTrustwave Holdings, Inc.
Mixed
Networking Infrastructure / firewall
ModSecurityowasp-modsecurity
On-prem
Networking Infrastructure / firewall
modsecuritytrustwave
Mixed
Security Products / vuln-mgmt-scanner
trustwave holdings, inc.commercialNetworking Infrastructureaka trustwave
owasp-modsecurityoss-projectNetworking Infrastructureaka modsecurity, mod_security
trustwavecommercialUSSecurity Products

Exploitability

Official Patch Available

References

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
github.com
https://github.com/owasp-modsecurity/ModSecurity/issues/3340
github.com
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
github.com

Timeline

Published
Feb 25, 2025
Last Updated
Feb 28, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-27110 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows