Two critical vulnerabilities have been found in Multer, a popular Node.js middleware, enabling potential DoS attacks through malformed file uploads. Upgrading to version 2.0.0 is essential to patch these high-severity flaws. #CVE-2025-47944 #CVE-2025-47935 #Multer #NodeJsSecurity
Keypoints
- The vulnerabilities affect Multer versions from 1.4.4-lts.1 up to but not including 2.0.0.
- CVE-2025-47944 allows attackers to crash applications via malicious multipart/form-data requests.
- CVE-2025-47935 causes memory leaks that can lead to server crashes over time.
- No workarounds are available; the only remedy is updating to version 2.0.0.
- The flaws pose a high risk because Multer handles user uploads, making it a key attack surface in many applications.
Read More: https://thecyberexpress.com/multer-vulnerabilities-expose-node-js/