Multer Vulnerabilities Expose Node.js Apps To DoS Attacks
Briefly

Two critical vulnerabilities in Multer, a middleware for Node.js, have been disclosed, affecting all versions up to 2.0.0. CVE-2025-47944 allows attackers to trigger a Denial of Service by sending malformed multipart requests, which crash servers through unhandled exceptions. CVE-2025-47935 concerns a memory leak caused by unclosed streams, which consumes system resources over time and can cripple the server during repeated failures. The vulnerabilities are particularly alarming given Multer's role in handling user-uploaded content, and they require no permissions to exploit.
The high-severity vulnerabilities in Multer allow attackers to cause a Denial of Service (DoS) by sending malformed multipart upload requests, crashing Node.js applications.
CVE-2025-47944 lets attackers crash Node.js apps with a crafted multipart/form-data request, while CVE-2025-47935 leads to memory leaks affecting system resources.
Read at The Cyber Express