CRE-2025-0053
NGINX Client Upload Size Limit Exceeded
Medium
Impact: 5/10
Mitigation: 3/10
Description
NGINX server is receiving upload requests with bodies that exceed the configured size limits.
This occurs when clients attempt to send files or data that are larger than what the server is
configured to accept.
Cause
The client is attempting to upload a file or send data that exceeds the NGINX 'client_max_body_size'
configuration limit. By default, this limit is set to 1MB, but can be adjusted in the NGINX
configuration.
Mitigation
- Increase the 'client_max_body_size' setting in the NGINX configuration to accommodate
legitimate large uploads if appropriate
- Add clear error messages to inform users about file size limitations
- Implement frontend validations to prevent oversized upload attempts
- Consider implementing chunked uploads for handling large files
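
The first two mitigations can be combined so the larger limit applies only to the route that needs it. The following is an added example, not part of the CRE rule or of NGINX's shipped configuration; the host name, route, 50 MB ceiling, error file name and backend address are all assumptions to replace with your own values.

```nginx
# Added example. Place inside the http context (for example a conf.d file).
server {
    listen 80;
    server_name uploads.example.test;        # placeholder host

    # Keep the server-wide limit at the 1 MB default so ordinary
    # endpoints still reject unexpectedly large request bodies.
    # Avoid "client_max_body_size 0;", which disables the check entirely.
    client_max_body_size 1m;

    # Raise the limit only on the route where large uploads are legitimate.
    location /api/upload {                   # hypothetical upload route
        client_max_body_size 50m;            # assumed legitimate maximum

        # Replace the stock 413 page with a message the client can act on.
        error_page 413 /upload-too-large.json;

        proxy_pass http://127.0.0.1:8080;    # assumed backend
    }

    # Served only through the error_page redirect above.
    location = /upload-too-large.json {
        internal;
        default_type application/json;
        # 52428800 bytes = 50 MB, matching the location limit above.
        return 413 '{"error":"upload too large","max_bytes":52428800}';
    }

    # Everything else inherits the 1 MB server-level limit.
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Validate the change with `nginx -t` before reloading, and keep any frontend size check in step with the value set on the upload route.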