CVE-2025-48075

· Published 22/05/2025 18:15 · Modified 23/05/2025 15:55

Labels: CVE-2025-48075, 2025-05-22, CWE-129, [email protected]

Essential information

Published: 22/05/2025 18:15
Modified: 23/05/2025 15:55
Author:
Creator:
CVSS: 7.7 HIGH (v3), 7.7 HIGH (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue.
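The failure mode described above, as an added example that is not Fiber's code or its patch: a minimal stand-alone binder for `name[idx]field` keys that validates the index and returns an error where an unchecked slice access would panic. The names `splitKey`, `bindForm`, `ErrBadKey` and the `maxIndex` cap are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ErrBadKey: key is not name[idx]field, or idx is negative, non-numeric or too large.
var ErrBadKey = errors.New("malformed or out-of-range indexed key")
const maxIndex = 1000 // assumed cap so one key cannot force a huge allocation

// splitKey parses "name[idx]field" and validates idx before it is used as an index.
func splitKey(key string) (string, int, string, error) {
	open, end := strings.IndexByte(key, '['), strings.IndexByte(key, ']')
	if open <= 0 || end < open {
		return "", 0, "", ErrBadKey
	}
	idx, err := strconv.Atoi(key[open+1 : end])
	if err != nil || idx < 0 || idx > maxIndex {
		return "", 0, "", fmt.Errorf("%w: %q", ErrBadKey, key)
	}
	return key[:open], idx, key[end+1:], nil
}

// bindForm maps flat keys into nested slices. Without the idx < 0 check above,
// out[name][idx] would panic ("index out of range [-1]") on user-provided input.
func bindForm(form map[string]string) (map[string][]map[string]string, error) {
	out := make(map[string][]map[string]string)
	for key, val := range form {
		name, idx, field, err := splitKey(key)
		if err != nil {
			return nil, err
		}
		for len(out[name]) <= idx { // grow the slice so idx is in range
			out[name] = append(out[name], map[string]string{})
		}
		out[name][idx][field] = val
	}
	return out, nil
}

func main() {
	// Constructed sample input, not taken from the advisory.
	_, err := bindForm(map[string]string{"items[-1]name": "x"})
	fmt.Println("negative index:", err)
	ok, _ := bindForm(map[string]string{"items[1]name": "b", "items[0]name": "a"})
	fmt.Println("valid:", ok)
}
```
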

NVD status

Status: Awaiting Analysis. CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product          CPE
fiber / fiber    cpe:2.3:a:fiber:fiber:2.52.6:*:*:*:*:*:*:*
fiber / fiber    cpe:2.3:a:fiber:fiber:2.52.7:*:*:*:*:*:*:*

References