CVE-2025-7338

Multer vulnerable to Denial of Service via unhandled exception from malformed request

Description

Impact

A vulnerability in Multer versions >= 1.4.4-lts.1, < 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed request. This request causes an unhandled exception, leading to a crash of the process.

Patches

Users should upgrade to 2.0.2

Workarounds

None

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

7.5

Severity

High

Ecosystem

JavaScript

Publish Date

July 17, 2025

Modified Date

July 17, 2025

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions