CVE-2025-65082: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

Kurzinfo

Veroeffentlicht: 2025-12-04 00:00 UTC Importiert: 2026-05-14 20:48 UTC CVSS: 6.5 Quelle-ID: apache_httpd_sec uid_hash: c6afbb53b89288752ebbd0a12f2636938e6d770415a76a6c2e9c75308064e50a
Apache HTTP Server Security (httpd.org JSON)

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2025-65082

 MEDIUM 6.5 - - 2025-12-05

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Apache HTTP Server Security (httpd.org JSON)

apache_httpd_sec

 vendor_advisory webserver, httpd - de https://httpd.apache.org/security/vulnerabilities-httpd.json
Zurueck zur Eintrags-Liste