Vulnerability in Expressjs Multer
CVE-2025-48997
Multer is a Node.js middleware for handling `multipart/form-data`. A vulnerability present from version 1.4.4-lts.1 up to, but not including, version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file…
EPSS: 0.004 (28.3rd percentile)
Affected products
- Expressjs Multer — versions >= 1.4.4-lts.1, < 2.0.1
Weakness classification (CWE)
References
- https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg (x_refsource_CONFIRM)
- https://github.com/expressjs/multer/issues/1233 (x_refsource_MISC)
- https://github.com/expressjs/multer/pull/1256 (x_refsource_MISC)
- https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9 (x_refsource_MISC)