A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in the way the software parses empty XML elements. The flaw, registered asCVE-2025-52891, affects ModSecurity versions2.9.8 to before 2.9.11and is rated with aCVSS v3 base score of 6.5 (moderate severity). Vulnerability […] The post ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/critical-bug-in-modsecurity-waf/
