CVE-2025-24033
📋 TL;DR
This vulnerability in the @fastify/multipart plugin's saveRequestFiles function causes temporary uploaded files to persist on disk when a client cancels a multipart request mid-upload: whatever had already been written to the temp directory is never deleted. It affects applications that run a vulnerable version of the plugin and call request.saveRequestFiles() to handle uploads. An attacker can fill server storage by repeatedly starting and cancelling uploads, needing no credentials beyond whatever the upload endpoint itself requires.
💻 Affected Systems
- @fastify/multipart
⚠️ Affected Versions
The NVD entry for this CVE carries no version ranges, so scanners that rely on NVD CPE data alone may not flag it. The vendor advisory (linked under Official Fix) does specify them: @fastify/multipart before 8.3.1, and 9.0.0 through 9.0.2. Exposure also depends on usage: only code that calls request.saveRequestFiles() writes the temporary files in question.
- Review the CVE details at NVD and the GitHub advisory
- Check the resolved plugin version in your lockfile, not just the range in package.json
- Test whether the vulnerability is exploitable in your environment (abort an upload partway through and inspect the temp directory)
- Update to a patched version regardless
⚠️ Risk & Real-World Impact
Worst Case
Complete disk space exhaustion causing service disruption, potential data loss, and denial of service affecting all users
Likely Case
Gradual disk space consumption leading to performance degradation and eventual service unavailability
If Mitigated
Minimal impact with proper monitoring and cleanup procedures in place
🎯 Exploit Status
Exploitation needs only the ability to start a multipart upload against an endpoint that calls saveRequestFiles and then drop the connection; no authentication bypass is involved, so an unauthenticated upload endpoint is exploitable by anyone who can reach it. Each aborted request leaves behind whatever bytes were written before the abort, so a per-file limits.fileSize setting bounds the size of each leftover file but not the total that accumulates across requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.3.1 or 9.0.3
Vendor Advisory: https://github.com/fastify/fastify-multipart/security/advisories/GHSA-27c6-mcxv-x3fh
Restart Required: Yes (a running Node.js process only picks up the updated module after a restart)
Instructions:
1. Update @fastify/multipart to 8.3.1 (if you are on the 8.x line) or 9.0.3 (if you are on 9.x), e.g. npm install @fastify/multipart@^8.3.1 or npm install @fastify/multipart@^9.0.3 (yarn: yarn upgrade @fastify/multipart@^9.0.3). A plain npm update only moves within the range already declared in package.json, so check the resolved version in the lockfile afterwards.
2. Redeploy and restart the Node.js process so the updated module is loaded.
3. Test file upload functionality, including an upload that the client aborts partway through.
🔧 Temporary Workarounds
Avoid saveRequestFiles
Do not call request.saveRequestFiles() on a vulnerable version. Consume the parts yourself with request.file() or request.parts() and, if you write them to disk, register cleanup on the 'close' event of request.raw so that a cancelled upload removes whatever was already written; otherwise you have only moved the same leak into your own code.
🧯 If You Can't Patch
- Write uploads to a dedicated temp directory (saveRequestFiles accepts a tmpdir option) and remove files older than a fixed age from it via a cron job or scheduled task; sweeping a shared /tmp by age risks deleting other processes' files
- Monitor free space on the volume that holds that directory and alert on abnormal consumption; where possible put the directory on its own filesystem or quota so exhaustion does not take down the rest of the host
🔍 How to Verify
Check if Vulnerable:
Check the resolved @fastify/multipart version (the lockfile, or npm ls; npm audit also flags GHSA-27c6-mcxv-x3fh). If it is below 8.3.1 on the 8.x line, or 9.0.0 through 9.0.2 on the 9.x line, and your code calls request.saveRequestFiles(), you are vulnerable. The advisory is specific to saveRequestFiles; handlers that consume request.file() or request.parts() streams themselves are outside it but must do their own cleanup on abort.
Check Version:
npm list @fastify/multipart
Verify Fix Applied:
After updating, verify the resolved version is 8.3.1+ (8.x) or 9.0.3+ (9.x). Then start a large multipart upload against an endpoint that calls saveRequestFiles and kill the client partway through (for example curl -F file=@large.bin --max-time 1 https://host/upload), and confirm that no new files remain in the temp directory (os.tmpdir(), or the tmpdir option you pass to saveRequestFiles).
📡 Detection & Monitoring
Log Indicators:
- Rapid drop in free space on the volume that holds the upload temp directory (os.tmpdir() unless a tmpdir was configured), e.g. node_exporter's node_filesystem_avail_bytes
- Temporary upload files accumulating in that directory without matching completed uploads
- Multiple canceled upload requests
- File system errors (ENOSPC) once space runs out
Network Indicators:
- Bursts of client-aborted requests on upload endpoints: nginx logs these as status 499 (client closed request, an nginx-specific code); other reverse proxies record the same condition differently, so look for connections closed before the response was sent or request bodies shorter than their Content-Length
SIEM Query:
source="application_logs" AND ("canceled upload" OR "disk full" OR "ENOSPC")
Adjust "canceled upload" to whatever your application actually logs on aborted requests. ENOSPC is the error Node.js reports once the disk is full, so by the time it appears the volume is already exhausted; pair this query with a free-space metric alert to catch the build-up earlier.