What is the CVSS score of CVE-2025-52891?

CVE-2025-52891 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Ubuntu are affected by CVE-2025-52891?

Organizations using versions 2.9.8 to should be aware of notable risk from CVE-2025-52891, a input validation vulnerability rated CVSS 6.5.. A patch is available.

How to fix or mitigate CVE-2025-52891?

Within 30 days: Identify affected systems running versions 2.9.8 to and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Ubuntu CVE-2025-52891

EUVD-2025-19726 MEDIUM

Improper Input Validation (CWE-20)

2025-07-02 security-advisories@github.com

Apache Information Disclosure Debian Ubuntu Nginx Red Hat Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 16, 2026 - 01:55 euvd

EUVD-2025-19726

Analysis Generated

Mar 16, 2026 - 01:55 vuln.today

CVE Published

Jul 02, 2025 - 15:15 nvd

MEDIUM 6.5

DescriptionNVD

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least one XML tag is empty (eg <foo></foo>), then a segmentation fault occurs. This issue has been patched in version 2.9.11. A workaround involves setting SecParseXmlIntoArgs to Off.

AnalysisAI

A remote code execution vulnerability in versions 2.9.8 to (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-20 (Improper Input Validation). Affects versions 2.9.8 to.

RemediationAI

Monitor vendor channels for patch availability.

More from same product – last 7 days

CVE-2025-48977 HIGH This Week

8.5 May 28

Path traversal in Apache Ignite 2.0.0 through 2.17.0 lets authenticated REST API users read arbitrary files on the serve

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-42782 HIGH This Week

7.2 May 25

Code execution via Groovy sandbox bypass in Apache Syncope 3.0 through 3.0.16, 4.0 through 4.0.5, and 4.1.0 allows a hig

Vendor StatusVendor

Ubuntu

Priority: Medium

modsecurity

Release	Status	Version
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	needs-triage	-
plucky	ignored	end of life, was needs-triage
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1108715

modsecurity-apache

Release	Status	Fixed Version	Urgency
bullseye	not-affected	-	-
bullseye (security)	fixed	2.9.3-3+deb11u5	-
bookworm	not-affected	-	-
bookworm (security)	fixed	2.9.7-1+deb12u1	-
trixie	fixed	2.9.11-1+deb13u1	-
forky, sid	fixed	2.9.12-2	-
(unstable)	fixed	2.9.11-1	-

CVE-2025-52891 vulnerability details – vuln.today

Back

Ubuntu CVE-2025-52891

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code