IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Authors: Created by IBM

There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. CVEID: CVE-2025-48976 ^[1]
DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.This issue affects Apache Commons FileUpload:from 1.0 before 1.6;from 2.0.0-M1 before 2.0.0-M4.Users are...

Just published by IBM: Read more