CVE-2025-47935
📋 TL;DR
Multer versions before 2.0.0 leak memory: when the HTTP request stream errors while a multipart body is being parsed (for example because the client aborts the connection mid-upload), the internal busboy streams Multer created for that request are never closed and accumulate. Over time this exhausts memory and ends in a denial of service that can only be cleared by restarting the process. Any application that handles file uploads with a vulnerable Multer version is affected.
💻 Affected Systems
- Multer
⚠️ Manual Verification Required
The automated version check on this page has no version range recorded for this CVE, so it cannot tell whether a given install is affected.
Why? The database entry used by the check carries no version ranges. The vendor advisory itself is explicit, however: every Multer release before 2.0.0 is vulnerable, so use that range when verifying manually.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service of the upload service until the Node.js process is restarted; in-flight uploads are lost, and downtime lasts until someone notices the memory exhaustion and restarts the process.
Likely Case
Gradual growth in memory use as aborted or failed uploads accumulate, ending in service disruption once the process exhausts memory under sustained error conditions.
If Mitigated
With 2.0.0 deployed the leak does not occur. On a vulnerable version, alerting on memory pressure and restarting the process when alerts fire limits the length of each outage but does not remove the cause.
🎯 Exploit Status
No special payload is needed. Any condition that raises an error on the HTTP request stream while Multer is parsing a multipart body triggers the leak: a client that starts an upload and then aborts or resets the connection, a malformed request that fails mid-stream, or an ordinary network disruption. Any client that can reach an upload endpoint can repeat this cheaply; authentication on the endpoint limits who can do it, not whether the leak occurs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0
Vendor Advisory: https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5
Restart Required: Yes
Instructions:
1. Update package.json to require multer 2.0.0 or higher (for example "^2.0.0").
2. Run npm install or yarn install so the lockfile picks up the 2.x release. Note that npm update alone will not cross the major version boundary while package.json still pins ^1.x.
3. Restart the Node.js application; the leaked streams in the running process are only reclaimed by a restart.
🔧 Temporary Workarounds
No official workarounds
The vendor advisory states that no known workarounds exist.
🧯 If You Can't Patch
- Rate-limit file upload endpoints per client. This slows the rate at which aborted uploads accumulate leaked streams; it does not stop the leak.
- Monitor process memory and open file descriptor counts with automated alerts, and restart the process automatically (via your process manager) when a threshold is crossed, since a restart is the only way to reclaim leaked streams on a vulnerable version.
🔍 How to Verify
Check if Vulnerable:
Check package.json or run npm list multer (npm ls multer --all also shows nested copies pulled in by other packages). Any version below 2.0.0 is vulnerable, including the 1.4.5-lts.x releases.
Check Version:
npm list multer | grep multer
Verify Fix Applied:
Confirm every multer instance in the tree is 2.0.0 or higher via npm list multer, then watch that memory no longer climbs when uploads are aborted mid-stream.
📡 Detection & Monitoring
Log Indicators:
- Increasing memory usage patterns
- File descriptor exhaustion errors
- HTTP request stream error messages, for example "aborted" or ECONNRESET errors raised on the request while a multipart body is being parsed
Network Indicators:
- Repeated failed file upload attempts
- Unusual patterns of malformed multipart requests
SIEM Query:
source="application.logs" AND ("multer" OR "busboy") AND ("error" OR "memory" OR "ENFILE" OR "EMFILE")