QwikSec

Security Database

CVE

CWE

Training

CVE-2025-54571

Published: Aug 5, 2025

Modified: Nov 3, 2025

PUBLISHED

Description

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrated the potential for XSS and arbitrary script source code disclosure in the latest version of mod_security2. This issue is fixed in version 2.9.12.

Vendor	Product	Versions
owasp-modsecurity	ModSecurity	affected `< 2.9.12`

Weaknesses (CWE)

References

https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v

x_refsource_CONFIRM

https://github.com/owasp-modsecurity/ModSecurity/issues/2514

x_refsource_MISC

https://github.com/owasp-modsecurity/ModSecurity/commit/6d7e8eb18f2d7d368fb8e29516fcdeaeb8d349b8

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.