CVE-2025-7338
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-07-17
Assigner: openjs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openjs_foundation | on-headers | * |
| expressjs | multer | 2.0.2 |
| expressjs | multer | 1.4.4-lts.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Multer, a Node.js middleware for handling multipart/form-data. An attacker can cause a Denial of Service (DoS) by sending a malformed multipart upload request, which triggers an unhandled exception and crashes the process.
How can this vulnerability impact me?
An attacker can crash any application or service that uses Multer, causing downtime and loss of availability.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Multer to version 2.0.2 or later, as this version contains the patch for the Denial of Service vulnerability. No known workarounds are available.
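To confirm the upgrade reached every installed copy, including ones pulled in by other packages, the following added example (not code from this page or from the Multer project) audits a parsed npm `package-lock.json`. The function names `isPatched` and `findMulter` and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: audit a parsed package-lock.json for Multer copies older than 2.0.2.
const FIXED = [2, 0, 2]; // first patched release, per the mitigation text above

// True when `version` is 2.0.2 or later. Tags such as "-lts.1" are handled: the
// numeric core is compared first, and a pre-release of exactly 2.0.2 sorts
// before the final release (semver ordering), so it counts as unpatched.
function isPatched(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return false; // unparseable: treat as unpatched and review by hand
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED[i]) return core[i] > FIXED[i];
  }
  return m[4] === undefined;
}

// Collect every installed copy of multer, including nested ones.
// Handles lockfileVersion 2/3 ("packages") and lockfileVersion 1 ("dependencies").
function findMulter(lock) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version, patched: isPatched(meta.version) });
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/multer$/.test(path)) record(path, meta);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "multer") record(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/multer": { version: "2.0.2" },
    "node_modules/legacy-uploader/node_modules/multer": { version: "1.4.4-lts.1" },
  },
};
console.log(findMulter(sampleLock).filter((h) => !h.patched));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findMulter` and fail the build if any entry has `patched: false`.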