
CVE-2025-47935: CWE-401: Missing Release of Memory after Effective Lifetime in expressjs multer

High
Type: Vulnerability
Tags: cve, cve-2025-47935, cwe-401
Published: Mon May 19 2025 (05/19/2025, 19:18:38 UTC)
Source: CVE
Vendor/Project: expressjs
Product: multer

Description

Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.

AI-Powered Analysis

AI analysis last updated: 07/11/2025, 10:34:35 UTC

Technical Analysis

CVE-2025-47935 is a high-severity vulnerability affecting versions of the Multer middleware for Node.js prior to 2.0.0. Multer is widely used to handle multipart/form-data, especially for file uploads in Express.js applications. The vulnerability arises from improper handling of HTTP request stream errors around Multer's internal dependency, busboy. Specifically, when the HTTP request stream emits an error, the busboy stream is not closed, violating Node.js stream safety guidance. Unclosed streams therefore accumulate over time, causing a memory leak and exhaustion of file descriptors. Under sustained or repeated failure conditions, this resource exhaustion degrades server performance and ultimately causes denial of service (DoS), requiring manual intervention such as a server restart to recover. The vulnerability does not impact confidentiality or integrity but severely affects availability. Exploitation requires no authentication or user interaction and can be triggered remotely by sending malformed or error-inducing multipart/form-data requests. Although no known exploits are currently reported in the wild, the vulnerability's nature and high CVSS score (7.5) indicate a significant risk to any application using vulnerable Multer versions for file uploads. The recommended remediation is to upgrade Multer to version 2.0.0 or later, where the issue is patched. No effective workarounds exist, making timely patching critical.

Potential Impact

For European organizations, this vulnerability poses a significant risk to web applications relying on Express.js and Multer for file uploads, which are common in many sectors including finance, healthcare, e-commerce, and government services. An attacker can remotely trigger resource exhaustion leading to denial of service, causing application downtime and disruption of critical services. This can result in operational losses, reputational damage, and potential regulatory scrutiny under frameworks like GDPR if service availability impacts data processing obligations. The absence of any authentication or user interaction requirement lowers the barrier to exploitation and widens the pool of potential attackers. Organizations with high-volume file upload services or those exposed to the internet are particularly vulnerable. The vulnerability could also be leveraged as part of a multi-stage attack to create distractions or cover other malicious activities. Given the widespread use of Node.js and Express.js in European web infrastructure, the impact could be broad if unpatched.

Mitigation Recommendations

1. Immediate upgrade of Multer to version 2.0.0 or later is essential to remediate the vulnerability.
2. Implement robust monitoring of server memory usage and open file descriptors to detect abnormal resource consumption early.
3. Employ rate limiting and input validation on file upload endpoints to reduce the risk of repeated error-triggering requests.
4. Use reverse proxies or web application firewalls (WAFs) to filter malformed multipart/form-data requests where possible.
5. Conduct regular dependency audits and integrate automated vulnerability scanning in CI/CD pipelines to ensure timely detection of vulnerable packages.
6. Prepare incident response plans for DoS scenarios to minimize downtime and recovery time.
7. Consider isolating file upload services in containerized or sandboxed environments to limit impact scope.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-14T10:32:43.529Z
CISA Enriched: false
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f81484d88663aeb4a6

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 7/11/2025, 10:34:35 AM

Last updated: 8/14/2025, 5:23:59 PM
