Description

Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.

INFO

Published Date :

2025-05-19T19:18:38.018Z

Last Modified :

2025-05-27T20:28:27.244Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47935 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47935.

URL Resource
https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 cve-icon cve-icon
https://github.com/expressjs/multer/pull/1120 cve-icon cve-icon
https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact