A new vulnerability (CVE-2025-52891) in ModSecurity allows attackers to cause denial-of-service attacks by exploiting a flaw with XML parsing. Users are advised to disable the SecParseXmlIntoArgs feature or update to the patched version 2.9.11. #ModSecurity #CVE202552891
Keypoints
- The vulnerability affects ModSecurity versions from 2.9.8 up to before 2.9.11.
- The flaw occurs when parsing empty XML elements with the SecParseXmlIntoArgs feature enabled.
- Exploiting the bug can crash the WAF, leading to potential web application exposure.
- The issue stems from strlen() being called on null values, causing segmentation faults.
- Administrators are urged to disable the feature or upgrade immediately to mitigate risks.
Read More: https://gbhackers.com/critical-bug-in-modsecurity-waf/