Vulnerability in Owasp-modsecurity Modsecurity

CVE-2025-54571

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depe…

EPSS: 0.003 (54.0th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-54571?
CVE-2025-54571 is a vulnerability in Owasp-modsecurity Modsecurity, classified under CWE-252. It was published on 2025-08-05.

Is CVE-2025-54571 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.