AZL-71525

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71525.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-71525

Upstream

CVE-2025-65082

Published

2025-12-05T11:15:52Z

Modified

2026-04-21T04:36:36.238314Z

Summary

CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1

Details

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.

This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.

Users are recommended to upgrade to version 2.4.66 which fixes the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-65082

Affected packages

Azure Linux:3 / httpd

Package

Name: httpd
Purl: pkg:rpm/azure-linux/httpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.66-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71525.json"