
CVE-2025-47944: CWE-248: Uncaught Exception in expressjs multer

High
Tags: Vulnerability, CVE-2025-47944, CWE-248
Published: Mon May 19 2025 (05/19/2025, 19:20:45 UTC)
Source: CVE
Vendor/Project: expressjs
Product: multer

Description

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.

AI-Powered Analysis

Last updated: 07/11/2025, 14:18:20 UTC

Technical Analysis

CVE-2025-47944 is a high-severity vulnerability in the Multer middleware for Node.js, affecting versions from 1.4.4-lts.1 up to but not including 2.0.0. Multer is widely used in Express.js applications to parse multipart/form-data, most commonly for file uploads. The flaw is an unhandled exception raised while Multer processes a malformed multipart upload request. Because the exception escapes the application's normal request error handling, Node.js's default behaviour for an uncaught exception applies: the process terminates, taking every request it was serving with it. The result is a Denial of Service (DoS) condition in which the service stays unavailable until the process is restarted, and an attacker who can reach the endpoint can simply send the request again. The weakness is classified as CWE-248 (Uncaught Exception), a failure to handle unexpected input or errors. The CVSS v3.1 base score is 7.5 (High): network attack vector, low attack complexity, no privileges or user interaction required, high impact on availability, and no impact on confidentiality or integrity. No exploitation in the wild was known at publication, and there is no workaround other than upgrading to Multer 2.0.0, which contains the fix. Any web application that exposes a Multer-backed upload endpoint to untrusted clients should treat this as a priority, since it can be triggered remotely by unauthenticated attackers to disrupt service availability.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those operating web services that handle file uploads through Express.js and Multer. The DoS condition can cause service outages that affect business continuity and customer trust and may lead to financial losses. Industries such as e-commerce, healthcare, finance, and public sector entities that rely on web applications for critical operations are particularly at risk. The disruption could also affect compliance with availability requirements under regulations such as GDPR, whose Article 32 requires that systems processing personal data ensure ongoing availability and resilience. Because the request needs no authentication or user interaction, automated scanning and repeated attacks against exposed upload endpoints are cheap for an attacker. Organizations with high traffic or strict uptime requirements may see amplified effects, including cascading failures, if the Node.js process is not monitored and restarted automatically.

Mitigation Recommendations

The only real fix is to upgrade Multer to version 2.0.0 or later; the advisory lists no workaround, so everything else here is damage limitation. Prioritize the upgrade in development and deployment pipelines, and audit every copy of Multer in the dependency tree, including nested copies pulled in by other packages, not just the direct entry in package.json. Where the upgrade cannot ship immediately, reduce who can reach the upload endpoints (authentication, network allow-lists) so that fewer clients are able to send the malformed request. Run Node.js under a supervisor such as PM2 or systemd so that a crashed process is restarted promptly, and alert on restart frequency: a process that keeps dying on upload requests is the signature of an attack in progress. A Web Application Firewall with rules that reject multipart/form-data requests deviating from what the application expects can raise the cost of an attack, but a WAF does not replicate Multer's parser and should not be relied on to block every malformed body. Do not treat a process-level uncaughtException handler as a workaround: it keeps the process alive in an undefined state and is not a substitute for the patch. Test file upload functionality after the upgrade to confirm stability, and make sure the incident response plan covers DoS against upload endpoints and service restoration.
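The affected range in the Technical Analysis and the dependency audit recommended above are easy to get wrong by hand because of Multer's -lts prerelease tags (semver orders 1.4.4-lts.1 before 1.4.4, so a plain string comparison misclassifies versions). The script below, added here as an example and not code from Multer or from this advisory, implements the affected-range check with prerelease-aware semver comparison and walks the "packages" map of a lockfileVersion 2/3 package-lock.json so that nested copies of multer are found as well as the direct dependency. The lockfile contents, the package name some-upload-helper and the versions in it are constructed for the example.

```javascript
// Added example: audit package-lock.json for Multer versions in the CVE-2025-47944 range.
// Not part of Multer or the advisory; the lockfile below is constructed sample data.

const AFFECTED_FROM = "1.4.4-lts.1"; // inclusive lower bound, per the advisory
const FIXED_IN = "2.0.0";            // exclusive upper bound, per the advisory

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into its comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split(".") : [], // e.g. "lts.1" -> ["lts", "1"]
  };
}

// Semver prerelease identifier ordering: numeric < alphanumeric, numeric compared as numbers.
function compareIdentifiers(a, b) {
  const an = /^\d+$/.test(a), bn = /^\d+$/.test(b);
  if (an && bn) return Math.sign(Number(a) - Number(b));
  if (an) return -1;
  if (bn) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Returns -1, 0 or 1 like a comparator; a prerelease ranks below the release with the same core.
function compareVersions(x, y) {
  const a = parseVersion(x), b = parseVersion(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  if (a.pre.length === 0 && b.pre.length === 0) return 0;
  if (a.pre.length === 0) return 1;
  if (b.pre.length === 0) return -1;
  const n = Math.min(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    const c = compareIdentifiers(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return Math.sign(a.pre.length - b.pre.length); // longer prerelease list wins a tie
}

// True when AFFECTED_FROM <= version < FIXED_IN.
function isAffected(version) {
  return compareVersions(version, AFFECTED_FROM) >= 0 && compareVersions(version, FIXED_IN) < 0;
}

// Report every multer entry in a lockfileVersion 2/3 "packages" map, nested copies included.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || !path.endsWith("node_modules/multer")) continue;
    findings.push({ path, version: entry.version, affected: isAffected(entry.version) });
  }
  return findings;
}

// Constructed sample lockfile: a vulnerable direct dependency plus a patched nested copy
// brought in by a hypothetical helper package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "upload-service", version: "1.0.0" },
    "node_modules/multer": { version: "1.4.5-lts.1" },
    "node_modules/some-upload-helper": { version: "3.2.0" },
    "node_modules/some-upload-helper/node_modules/multer": { version: "2.0.0" },
  },
};

function main() {
  for (const f of auditLockfile(SAMPLE_LOCK)) {
    console.log(`${f.affected ? "AFFECTED" : "ok      "} ${f.path}@${f.version}`);
  }
}

if (typeof require !== "undefined" && require.main === module) main();
```

To audit a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; the same walk applies to any lockfile that uses the "packages" map, and every reported path has to be upgraded, not only the top-level one.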


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-14T10:32:43.530Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f71484d88663aeb16d

Added to database: 5/20/2025, 6:59:03 PM

Last enriched: 7/11/2025, 2:18:20 PM

Last updated: 8/12/2025, 12:27:56 PM

