-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SUMMARY

WebPros International, LLC has updated packages for EasyApache 4 with a updated versions of ModSecurity 2 and libcurl. This release addresses vulnerabilities related to CVE-2025-47947, CVE-2025-48866, CVE-2025-5025, and CVE-2025-4947. We strongly encourage all ModSecurity 2 users update to version 2.9.10 and all libcurl users to update to version 8.14.0.

 
AFFECTED VERSIONS
All versions of ModSecurity 2 through 2.9.9.
All versions of libcurl through 8.13.0.


SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2025-47947 - HIGH
ModSecurity 2.9.10
Fixed vulnerability related to CVE-2025-47947.


CVE-2025-48866 - HIGH
ModSecurity 2.9.10
Fixed vulnerability related to CVE-2025-48866.


CVE-2025-5025 - MEDIUM
libcurl 8.14.0
Fixed vulnerability related to CVE-2025-5025.


CVE-2025-4947 - MEDIUM
libcurl 8.14.0
Fixed vulnerability related to CVE-2025-4947.



SOLUTION
WebPros International, LLC has released updated packages for EasyApache 4 25.16 on 2025 June 4, with ModSecurity 2 version 2.9.10 and libcurl version 8.14.0. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM's Run System Update interface.

 
REFERENCES
https://www.cve.org/CVERecord?id=CVE-2025-47947
https://www.cve.org/CVERecord?id=CVE-2025-48866
https://www.cve.org/CVERecord?id=CVE-2025-5025
https://www.cve.org/CVERecord?id=CVE-2025-4947
https://curl.se/ch/8.14.0.html
https://github.com/owasp-modsecurity/ModSecurity/releases

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmhAl8kACgkQlSG+3KvZ
Td/mjRAAgpejOa4dIuVQqkbe3xJxOe3cFAMwkq0cT4gd9GYP7MDg/dir9lwpfPUH
xbT+siaNdsXQDpUUBqvqDuOwo8DOawqFF8oe03vf0XlpDIVjzMGpjBVqfXC2y5W2
yYKdHGlTIrkuWfOjnXKYLv1s6LubHiHQ/E1jtI2xZb6JMqrBwdCEKi1Kf7M1VNoT
/qMxnSSkfM9s/Un6YgONNpYUoTB9m5iUIoDXkfZg8UGduYDsD8mWgCA/bfrc0H7t
dM7PQ3zfhhpsYAdgQCQ8JVTKClZxTRB4F3xt9NKuQSvpdUcHy3ebcLhLSAUgRlEA
fDvOWdTYqE+an7QE7rH9gYe7yCQJHnMclWEgv3gV9i+I+JGr48rh3/iXucSC5PQq
Qon7X81b88/JTb/HYyCthg80Jic7tDY9N46wYqw0o2uv2DIuKtN7lgEsnAX/LLHZ
ojjxCuhAHS+P7KjilLqoTYEfgUQE+EhC0UoQdSywm46hfWRApaSxu/fY9ydbFGyz
rtklpVnF66/hQxnMKxfFh4rgoEV9VLAbwQH80f/Q9ftFVhO0L493SHQX/6AotmTa
mDuSeLvga6qIDoaOs6rHQOiMRl/kfrUVdZQoQEurQOEd+lPgNQgXmTJRNNCpunQD
ik5AyA6z9cukjnWI3Gi3lvWZ2D447tYQEyTHIijoDOFg2s4p5yY=
=Xw1y
-----END PGP SIGNATURE-----