216.73.217.126

CVE-2025-13466

· Published 24/11/2025 19:15 · Modified 25/11/2025 22:16

Labels: CVE-2025-13466 2025-11-24CVE-2025-13466CWE-400ce714d77-add3-4f53-aff5-83d477b104bb

Essential information

Published
24/11/2025 19:15
Modified
25/11/2025 22:16
Author
Creator
CVSS
5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. This issue is addressed in version 2.2.1.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
ce714d77-add3-4f53-aff5-83d477b104bb
NVD
View on NVD

References