OWASP ModSecurity

A denial-of-service vulnerability (CVE-2025-52891) in the ModSecurity v2 WAF engine (mod_security2) affects versions 2.9.8, 2.9.9 and 2.9.10 when the SecParseXmlIntoArgs directive is set to On or OnlyArgs. The flaw is improper handling of empty XML tags while the request body is parsed into ARGS: the parser dereferences a null pointer and the process segfaults, so a single crafted XML request takes the WAF, and everything it fronts, offline until someone restarts the server. Exploitation needs no authentication and can be performed from anywhere on the internet. The CVSS score is moderate (6.5/10), but for a deployment that relies on the WAF the practical impact is a complete outage. The mitigation is to set SecParseXmlIntoArgs to Off until the vendor patch is available and applied. The finding is a reminder that security controls themselves are attack surface: a WAF needs the same vigilance and prompt patching as the applications behind it.

Source: https://cybersecuritynews.com/modsecurity-waf-vulnerability/

TPRM report: https://www.rankiteo.com/company/owasp-crs

{
  "id": "owa950080725",
  "linkid": "owasp-crs",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "50",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'ModSecurity',
                        'type': 'Web Application Firewall'}],
 'attack_vector': 'Remote attack vector enabling attacks from anywhere on the '
                  'internet',
 'description': 'A newly discovered denial-of-service vulnerability in the '
                'ModSecurity Web Application Firewall (WAF) engine affects '
                'specific versions of mod_security2 and can be triggered by '
                'processing XML requests containing empty tags, potentially '
                'causing complete service disruption.',
 'impact': {'downtime': 'Server crashes requiring manual restart',
            'operational_impact': 'Complete service disruption',
            'systems_affected': 'ModSecurity WAF installations'},
 'lessons_learned': 'Even security-focused applications like web application '
                    'firewalls require ongoing vigilance and prompt patching '
                    'to maintain their protective capabilities against '
                    'evolving threats.',
 'post_incident_analysis': {'corrective_actions': ['Set SecParseXmlIntoArgs to '
                                                   "'Off'",
                                                   'Apply the forthcoming '
                                                   'security patch'],
                            'root_causes': 'Improper handling of empty XML '
                                           'tags during the parsing process, '
                                           'leading to a null pointer '
                                           'dereference vulnerability.'},
 'recommendations': ['Conduct immediate assessments of ModSecurity '
                     'configurations',
                     'Implement appropriate mitigation measures',
                     'Audit current ModSecurity configurations to identify '
                     'systems using the SecParseXmlIntoArgs feature'],
 'references': [{'source': 'OWASP ModSecurity'}],
 'response': {'remediation_measures': ["Set SecParseXmlIntoArgs to 'Off' in "
                                       'the ModSecurity configuration',
                                       'Apply the forthcoming security patch '
                                       'when it becomes available']},
 'title': 'Denial-of-Service Vulnerability in ModSecurity WAF Engine '
          '(CVE-2025-52891)',
 'type': 'Denial-of-Service',
 'vulnerability_exploited': 'CVE-2025-52891'}