Vulnerability Details

CVE ID: CVE-2025-48976
Severity: High-risk (DoS vulnerability)
Component: commons-fileupload:commons-fileupload
Affected Versions:
- 1.0 up to (but excluding) 1.6
- 2.0.0-M1 up to (but excluding) 2.0.0-M4

Fixed Versions of commons-fileupload:
- 1.6
- 2.0.0-M4

Impact: The vulnerability allows for denial-of-service (DoS) attacks due to insufficient limits on resource allocation for multipart headers.

Transitive Origin: The commons-fileupload library is pulled in transitively by spring-cloud-openfeign dependencies. Please upgrade the affected commons-fileupload dependency to a safe version (≥1.6 or ≥2.0.0-M4).

Links:
- https://github.com/apache/commons-fileupload/releases/tag/rel%2Fcommons-fileupload-1.6.0
- https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.6.0
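To check whether a build actually resolves a version in the ranges listed above, the following added example (not part of the original issue or of any project's code) scans `mvn dependency:tree` text for the component and classifies each resolved version. The function names, the `groupId:artifactId:type:version:scope` line layout without a classifier, and the sample tree (constructed, with a placeholder parent version) are assumptions.

```python
import re

# Coordinates and ranges as stated in the issue above.
COORD = "commons-fileupload:commons-fileupload"
AFFECTED = [("1.0", "1.6"), ("2.0.0-M1", "2.0.0-M4")]  # each range is [low, high)

def version_key(version):
    """Map '1.5' or '2.0.0-M2' to a sortable tuple; None if the form is unrecognised."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(?:-M(\d+))?", version)
    if not m:
        return None
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # treat 1.6 and 1.6.0 as equal
    # A milestone (M<n>) sorts before the release with the same numbers.
    if m.group(2):
        return (*nums, 0, int(m.group(2)))
    return (*nums, 1, 0)

def is_affected(version):
    """True/False for recognised versions, None when manual review is needed."""
    key = version_key(version)
    if key is None:
        return None
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED)

def scan_tree(tree_text):
    """Return [(version, scope, verdict)] for each COORD line in the tree output."""
    pattern = re.compile(re.escape(COORD) + r":[\w-]+:([^:\s]+):(\w+)")
    labels = {True: "AFFECTED", False: "ok", None: "review"}
    findings = []
    for line in tree_text.splitlines():
        m = pattern.search(line)
        if m:
            findings.append((m.group(1), m.group(2), labels[is_affected(m.group(1))]))
    return findings

# Constructed sample of `mvn dependency:tree` output (not taken from a real build).
SAMPLE = """\
[INFO] com.example:demo:jar:0.0.1
[INFO] +- org.springframework.cloud:spring-cloud-starter-openfeign:jar:X.Y.Z:compile
[INFO] |  \\- commons-fileupload:commons-fileupload:jar:1.5:compile
[INFO] \\- com.example:other-lib:jar:1.0.0:compile
"""

if __name__ == "__main__":
    for version, scope, verdict in scan_tree(SAMPLE):
        print(f"{COORD}:{version} ({scope}) -> {verdict}")
```

Versions with qualifiers other than `-M<n>` are reported as `review` rather than guessed at.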
Comment From: aozmen121
@OlgaMaciaszek FYI this is a potentially high-risk vulnerability. Is it possible to push this fix to the next scheduled release, please?