CVE-2025-53020

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53020

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53020.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53020

Aliases

BIT-apache-2025-53020

Downstream

ALPINE-CVE-2025-53020

AZL-65094

AZL-65109

BELL-CVE-2025-53020

DEBIAN-CVE-2025-53020

DLA-4270-1

MGASA-2025-0301

MINI-j7mr-r439-jp3q

RHSA-2026:22140

RHSA-2026:22528

RHSA-2026:22551

RLSA-2026:22140

RLSA-2026:22528

RLSA-2026:22551

ROOT-OS-DEBIAN-12-CVE-2025-53020

SUSE-SU-2025:02565-1

SUSE-SU-2025:02682-1

SUSE-SU-2025:02683-1

SUSE-SU-2025:02684-1

SUSE-SU-2025:02685-1

SUSE-SU-2026:21846-1

UBUNTU-CVE-2025-53020

USN-7639-1

USN-7639-2

openSUSE-SU-2025:15360-1

openSUSE-SU-2026:20810-1

Related

Published

2025-07-10T17:15:48.337Z

Modified

2026-06-04T11:29:25.083826015Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.

This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.

Users are recommended to upgrade to version 2.4.64, which fixes the issue.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type

GIT

Repo

https://github.com/apache/httpd

Events

Introduced

47a9d8e8abf5697b4580c3ee2ade302b5c058fa6

Fixed

7e926454793abd7d71b6afc8bd1ec1648752c6ad

Database specific

{
    "versions": [
        {
            "introduced": "2.4.17"
        },
        {
            "fixed": "2.4.64"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53020.json"