CVE-2025-27110
CVE-2025-27110 is a high-severity vulnerability in Trustwave Modsecurity with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-172.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v4: 7.9
- EPSS exploit prediction: 0% (37th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-5324
- Weakness: CWE-172
- Affected product: Trustwave Modsecurity
- Published:
- Last modified:
Description
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.
Frequently asked questions
- What is CVE-2025-27110?
- Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.
- How severe is CVE-2025-27110?
- CVE-2025-27110 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity high, and availability none.
- Is CVE-2025-27110 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (37th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-27110?
- CVE-2025-27110 affects Trustwave Modsecurity. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-27110?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2025-27110 have an EU (EUVD) identifier?
- Yes. CVE-2025-27110 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-5324.
- When was CVE-2025-27110 published?
- CVE-2025-27110 was published on 2025-02-25 and last updated on 2026-06-17.
References
- https://github.com/owasp-modsecurity/ModSecurity/issues/3340
- https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
Affected products (1)
- cpe:2.3:a:trustwave:modsecurity:3.0.13:*:*:*:*:*:*:*
More vulnerabilities in Trustwave Modsecurity
- CVE-2025-47947 — High (CVSS 7.5): ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions…
- CVE-2024-46292 — High (CVSS 7.5): A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input…
- CVE-2023-24021 — High (CVSS 7.5): Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall…
- CVE-2022-48279 — High (CVSS 7.5): In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the…
- CVE-2021-42717 — High (CVSS 7.5): ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting…
- CVE-2013-1915 — High (CVSS 7.5): ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or…
All CVEs affecting Trustwave Modsecurity →
Other CWE-172 vulnerabilities
- CVE-2019-10160 — Critical (CVSS 9.8): A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3…
- CVE-2018-3777 — Critical (CVSS 9.8): Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API…
- CVE-2016-6691 — Critical (CVSS 9.8): service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05…
- CVE-2026-42926 — Medium (CVSS 5.8): When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses…
- CVE-2018-7173 — Medium (CVSS 5.5): A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a…
- CVE-2016-3829 — Medium (CVSS 5.5): The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which…