vulnerability
Amazon Linux AMI 2: CVE-2025-48866: Security patch for mod_security (ALAS-2025-2887)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jun 2, 2025 | Jun 13, 2025 | Jun 13, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jun 2, 2025
Added
Jun 13, 2025
Modified
Jun 13, 2025
Description
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.
Solutions
amazon-linux-ami-2-upgrade-mod_securityamazon-linux-ami-2-upgrade-mod_security-debuginfoamazon-linux-ami-2-upgrade-mod_security-mlogc
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.