VDB

CVE-2025-29914

CVE-2025-29914 PUBLISHED CVSS 5.400000095367432 MEDIUM

OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

EPSS 0.11% · 28.8th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS Score
0.11%
28.8th percentile

Affected Products

VendorProductVersions
github.comcorazawaf/coraza/v30, 0
github.comjptosso/coraza-waf0, 0
corazawafcoraza< 3.3.3, < 3.3.3

Timeline

  • Jan 21, 1970 Security Advisory
  • Mar 20, 2025 CVE Published
  • Mar 20, 2025 Coalition ESS Score
  • Mar 20, 2025 PoC Published
  • Mar 20, 2025 PoC Published
  • Mar 20, 2025 CVE Updated
  • Mar 20, 2025 PoC Published
  • Mar 20, 2025 PoC Published
  • Mar 21, 2025 EPSS Score
  • Apr 3, 2025 EPSS Score
  • Apr 17, 2025 EPSS Score
  • Apr 30, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›