Previous versions contain an improper error handling issue; see CVE-2025-54571. This release includes a fix for it.

Full list of changes:

- fix: Improper error handling [PR from private repo - @orangetw, @pgajdos, @ylavic, @theseion, @fzipi, @airween fixed CVE-2025-54571]
- fix: mod_security2's regression tests [Issue #3425 - @airween]
- fix: remove unused condition from msc_status_engine.c [Issue #3412 - @airween]
- fix: remove unwanted '\0' string terminator from argument's value [Issue #3411 - @airween]

v2.9.12
Contents
Linked CVEs
| CVE-ID | Severity (CVE.org) | CVSS (CVE.org) | EPSS | EPSS-% | Published (CVE.org) |
|---|---|---|---|---|---|
| | MEDIUM | 6.9 | - | - | 2025-08-05 |
Source details
| Label | Name | Category | Tags | Audience | Language | Feed URL |
|---|---|---|---|---|---|---|
| OWASP ModSecurity Releases | vendor_advisory | waf, modsecurity, owasp | - | de | https://github.com/owasp-modsecurity/ModSecurity/releases.atom |