CVE-2025-48976

HIGH

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service due to Apache Commons FileUpload

Details

CVSS v3: 7.5
NVD published: 2025-06-16 15:15:24
EPSS: 0.4% probability · 63.1th percentile — 2026-03-30
Affected versions: cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:* cpe:2.3:a:apache:commons_fileupload:2.0.0:m1:*:*:*:*:*:* cpe:2.3:a:apache:commons_fileupload:2.0.0:m1-rc1:*:*:*:*:*:* cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:* cpe:2.3:a:apache:commons_fileupload:2.0.0:m2-rc1:*:*:*:*:*:* cpe:2.3:a:apache:commons_fileupload:2.0.0:m3:*:*:*:*:*:* cpe:2.3:a:apache:commons_fileupload:2.0.0:m3-rc1:*:*:*:*:*:*
Summary: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

View on NVD

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.