What is CVE-2025-47947?

CVE-2025-47947 is a high-severity vulnerability in Owasp-modsecurity Modsecurity, classified under CWE-1050. CVSS score: 7.5/10. Published 2025-05-21.

How severe is CVE-2025-47947?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2025-47947 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Owasp-modsecurity Modsecurity

CVE-2025-47947

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when t…

EPSS: 0.006 (70.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Owasp-modsecurity Modsecurity — versions <= 2.9.8

Weakness classification (CWE)

CWE-1050

Public proof-of-concept exploits

w4zu/Debian_

References

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r (x_refsource_CONFIRM)
https://github.com/owasp-modsecurity/ModSecurity/pull/3389 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-47947?: CVE-2025-47947 is a high-severity vulnerability in Owasp-modsecurity Modsecurity, classified under CWE-1050. CVSS score: 7.5/10. Published 2025-05-21.
How severe is CVE-2025-47947?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2025-47947 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.