Is CVE-2025-48976 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Commons Fileupload

CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are…

EPSS: 0.633 (99.1th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Commons Fileupload — versions 1.0, 2.0.0-M1

Public proof-of-concept exploits

nankuo/CVE-2025-48976_CVE-2025-48988
PuddinCat/GithubRepoSpider
Samb102/POC-CVE-2025-48988-CVE-2025-48976
nankuo/CVE-2025-48976_
nomi-sec/PoC-in-GitHub
plzheheplztrying/cve_
w4zu/Debian_

References

lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12 (vendor-advisory)

Frequently asked questions

What is CVE-2025-48976?: CVE-2025-48976 is a vulnerability in Apache Software Foundation Commons Fileupload. Published 2025-06-16.
Is CVE-2025-48976 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.