A newly discovered denial-of-service vulnerability in the ModSecurity Web Application Firewall (WAF) engine has security experts on high alert. The flaw, designated CVE-2025-52891, affects specific versions of mod_security2 and can be triggered by processing XML requests containing empty tags, potentially causing complete service disruption. The vulnerability impacts mod_security2 versions 2.9.8, 2.9.9, and 2.9.10, but only when administrators have
The post Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags appeared first on Cyber Security News. Read More
Posted inNews