CVE-2025-47908
BaseFortify

Publication date: 2025-08-06

Last updated on: 2025-08-07

Assigner: Go Project

Description
Middleware causes a prohibitive number of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. Attackers can abuse this behavior to put undue load on the middleware or server in an attempt to cause a denial of service.
Meta Information
Published: 2025-08-06
Last Modified: 2025-08-07
Generated: 2026-05-07
AI Q&A: 2025-08-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: rs
Product: cors
Version / Range: *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in middleware that processes preflight requests containing an Access-Control-Request-Headers (ACRH) header with many commas. The middleware performs a large number of heap allocations when handling such requests, which can be exploited by attackers to create excessive load on the server.


How can this vulnerability impact me?

An attacker can exploit this vulnerability to cause a denial of service by overwhelming the middleware or server with malicious preflight requests that trigger excessive heap allocations, leading to resource exhaustion and potential service disruption.

