
Bug#1121926: apache2: CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200



Source: apache2
Version: 2.4.65-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for apache2.

CVE-2025-55753[0]:
| mod_md (ACME), unintended retry intervals

CVE-2025-58098[1]:
| Server Side Includes adds query string to #exec cmd=...

CVE-2025-65082[2]:
| CGI environment variable override

CVE-2025-66200[3]:
| mod_userdir+suexec bypass via AllowOverride FileInfo

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-55753
    https://www.cve.org/CVERecord?id=CVE-2025-55753
[1] https://security-tracker.debian.org/tracker/CVE-2025-58098
    https://www.cve.org/CVERecord?id=CVE-2025-58098
[2] https://security-tracker.debian.org/tracker/CVE-2025-65082
    https://www.cve.org/CVERecord?id=CVE-2025-65082
[3] https://security-tracker.debian.org/tracker/CVE-2025-66200
    https://www.cve.org/CVERecord?id=CVE-2025-66200

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

