HCL BigFix WebUI Vulnerabilities: form-data HPP (CVE-2025-7783) and multer DoS (CVE-2025-47935)

Critical Vulnerability Information Vulnerability Overview Title: HCL BigFix WebUI Affected by Multiple Security Vulnerabilities Update Time: 5 hours ago View Count: 27 times Vulnerability Details form-data CVE ID: CVE-2025-7783 Description: form-data uses insufficient random values, leading to HTTP Parameter Pollution (HPP). This issue affects form-data versions < 2.5.4, 3.0.0 - 3.0.3, and 4.0.0 - 4.0.3. CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Base Score: 9.4 Affected Versions: All BigFix WebUI applications multer CVE ID: CVE-2025-47935 Description: multer is a Node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 suffer from resource exhaustion and memory leaks due to improper stream handling. When an HTTP request stream emits an error, the internal "busboy" stream is not closed, violating Node.js stream security guidelines. This results in accumulated unclosed streams over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this may lead to denial of service, requiring manual server restart to recover. All users utilizing multer for file uploads may be affected. Users should upgrade to version 2.0.0 to receive the patch. No known workarounds are available. CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Base Score: 7.5 Affected Versions: BigFix WebUI API applications

Goal Reached Thanks to every supporter — we hit 100%!

HCL BigFix WebUI Vulnerabilities: form-data HPP (CVE-2025-7783) and multer DoS (CVE-2025-47935)

More from this source