VDB
CVE-2025-29914
CVE-2025-29914
PUBLISHED
CVSS 5.400000095367432 MEDIUM
OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
EPSS 0.11% · 28.8th percentile
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS Score
0.11%
28.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | corazawaf/coraza/v3 | 0, 0 |
| github.com | jptosso/coraza-waf | 0, 0 |
| corazawaf | coraza | < 3.3.3, < 3.3.3 |
Timeline
- Jan 21, 1970 Security Advisory
- Mar 20, 2025 CVE Published
- Mar 20, 2025 Coalition ESS Score
- Mar 20, 2025 PoC Published
- Mar 20, 2025 PoC Published
- Mar 20, 2025 CVE Updated
- Mar 20, 2025 PoC Published
- Mar 20, 2025 PoC Published
- Mar 21, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
- Apr 17, 2025 EPSS Score
- Apr 30, 2025 EPSS Score