CVE-2025-65082

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-65082

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65082.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-65082

Aliases

BIT-apache-2025-65082

Downstream

ALPINE-CVE-2025-65082

BELL-CVE-2025-65082

DEBIAN-CVE-2025-65082

MINI-w637-gfcm-cw57

RHSA-2025:23732

RHSA-2025:23919

RHSA-2025:23932

RLSA-2025:23732

RLSA-2025:23919

RLSA-2025:23932

SUSE-SU-2025:4488-1

SUSE-SU-2025:4518-1

UBUNTU-CVE-2025-65082

Related

Published

2025-12-05T11:15:52.497Z

Modified

2025-12-12T02:55:57.671400Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.

This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.

Users are recommended to upgrade to version 2.4.66 which fixes the issue.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

da5873e80d6eee7a0838793bf68f1d0254745fbb

Fixed

e4a77ef6051b3fe22eafacbcf54855b178a0bddd