CVE-2025-27110
Published: 25 February 2025
Description
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.
Security Summary
CVE-2025-27110 is a vulnerability in Libmodsecurity3 version 3.0.13, a core component of the ModSecurity v3 project that serves as an interface between ModSecurity Connectors and web traffic processing pipelines. The flaw causes the library to fail in decoding HTML entities that contain leading zeroes, stemming from an encoding error classified under CWE-172. This issue is specific to version 3.0.13 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, user interaction, or special conditions. Exploitation enables high integrity impact by preventing proper decoding of certain HTML entities, potentially allowing attackers to bypass ModSecurity's traditional web application firewall rules during traffic inspection.
The vulnerability is addressed in Libmodsecurity3 version 3.0.14, which includes a targeted fix. No known workarounds exist. Additional details are available in the ModSecurity GitHub issue (https://github.com/owasp-modsecurity/ModSecurity/issues/3340) and security advisory (https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j).
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote exploitation of a public-facing WAF component to bypass rule inspection via HTML entity decoding failure, directly enabling defense evasion.