Fluid Attacks Database

Description

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	modsecurity	>=0 <3.0.14-1	3.0.14-1
debian 13	modsecurity	>=0 <3.0.14-1	3.0.14-1

Aliases

1. CVE-2025-271102. NVD-2025-271103. OSV-DEBIAN-2025-271104. OSV-2025-271105. SECURITY-TRACKER-CVE-2025-27110

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.