{"vulnerability": "GHSA-42W7-RMV5-4X2J", "sightings": [{"uuid": "8fc21b5a-a69c-4ee5-8261-b71674d8a8bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-42W7-RMV5-4X2J", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5376", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27110\n\ud83d\udd25 CVSS Score: 7.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.\n\ud83d\udccf Published: 2025-02-25T20:00:44.211Z\n\ud83d\udccf Modified: 2025-02-25T20:00:44.211Z\n\ud83d\udd17 References:\n1. https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j\n2. https://github.com/owasp-modsecurity/ModSecurity/issues/3340", "creation_timestamp": "2025-02-25T20:23:05.000000Z"}]}