CVE-2025-27110: 
ModSecurity vulnerability analysis and mitigation

A vulnerability in ModSecurity (CVE-2025-27110) affects libmodsecurity3 version 3.0.13, a component of the ModSecurity v3 project that serves as an interface to ModSecurity Connectors for processing web traffic. The vulnerability prevents the system from properly decoding encoded HTML entities that contain leading zeroes. This security flaw has been assigned a CVSSv4 score of 7.9 (High) and a CVSSv3.1 base score of 7.5 (High) (NVD, Security Online).

The vulnerability specifically affects the HTML entity decoding functionality in libmodsecurity3 version 3.0.13. When processing web traffic, the system fails to properly decode HTML entities that contain leading zeroes, which could allow malicious payloads to bypass security rules. The issue has been assigned CWE-172 (Encoding Error) and received a CVSSv4 score of 7.9, indicating high severity with network attack vector, low attack complexity, and no required privileges or user interaction (GitHub Advisory).

The vulnerability could allow attackers to bypass ModSecurity's web application firewall protections by encoding malicious payloads with leading zeroes in HTML entities. This bypass could potentially expose web applications to various attacks, including cross-site scripting (XSS), SQL injection, and remote code execution, as ModSecurity would fail to properly inspect the incoming web traffic (Security Online).

The vulnerability has been fixed in libmodsecurity3 version 3.0.14. Organizations using ModSecurity are strongly advised to upgrade to this latest version immediately. No known workarounds are available for this vulnerability (GitHub Advisory).