.. _vulnerabilityManagement_securityAdvisory_2025_CVE-2025-48976:

CVE-2025-48976
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Data: 2025-06-20

Severity: High

CVSS Score:  8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

Riferimenti:  

- `https://nvd.nist.gov/vuln/detail/CVE-2025-48976 <https://nvd.nist.gov/vuln/detail/CVE-2025-48976>`_
- `https://ossindex.sonatype.org/vulnerability/CVE-2025-48976 <https://ossindex.sonatype.org/vulnerability/CVE-2025-48976>`_
- `https://github.com/advisories/GHSA-vv7r-c36w-3prj <https://github.com/advisories/GHSA-vv7r-c36w-3prj>`_

Libreria: commons-fileupload:commons-fileupload < 1.6.0

**Descrizione**

[CVE-2025-48976] CWE-770: Allocation of Resources Without Limits or Throttling

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

**GovWay**

Versione affette: <= 3.3.16.p2

Risoluzione: 3.3.17