CVE-2025-54090

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54090

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54090.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-54090

Aliases

BIT-apache-2025-54090

Downstream

ALPINE-CVE-2025-54090

BELL-CVE-2025-54090

DEBIAN-CVE-2025-54090

DLA-4270-1

MINI-fvv3-hrr9-fxwx

Related

MGASA-2025-0301

Published

2025-07-23T14:15:34.177Z

Modified

2025-11-19T17:35:53.967386Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".

Users are recommended to upgrade to version 2.4.65, which fixes the issue.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7e926454793abd7d71b6afc8bd1ec1648752c6ad

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54090.json"