CVE-2025-27110 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-27110 Interim 1 3 2025-04-01T23:12:11Z current 2025-03-01T00:11:51Z 2025-04-01T23:12:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-27110 Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GA6CQ6PAGPDDZZQONRAGSFIF4ZQCF3FK/ E-Mail link for openSUSE-SU-2025:14946-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed libmodsecurity3-3.0.14-1.1 modsecurity-3.0.14-1.1 modsecurity-devel-3.0.14-1.1 libmodsecurity3-3.0.14-1.1 as a component of openSUSE Tumbleweed modsecurity-3.0.14-1.1 as a component of openSUSE Tumbleweed modsecurity-devel-3.0.14-1.1 as a component of openSUSE Tumbleweed Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available. CVE-2025-27110 openSUSE Tumbleweed:libmodsecurity3-3.0.14-1.1 openSUSE Tumbleweed:modsecurity-3.0.14-1.1 openSUSE Tumbleweed:modsecurity-devel-3.0.14-1.1 important 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L