CVE-2025-7338
HIGH7.5EPSS 0.04%Multer vulnerable to Denial of Service via unhandled exception from malformed request
Published: 7/17/2025Modified: 7/17/2025
Also known as:GHSA-fjgf-rc76-4x9p
Description
### Impact A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process. ### Patches Users should upgrade to `2.0.2` ### Workarounds None
Affected packages (1)
- npm/multer>= 1.4.4-lts.1, < 2.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-7338
- PATCHhttps://github.com/expressjs/multer
- WEBhttps://cna.openjsf.org/security-advisories.html
- WEBhttps://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b
- WEBhttps://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p