CVE-2025-65082

MEDIUM6.5EPSS 0.14%

Apache HTTP Server: CGI environment variable override

發布日:2025/12/5修改日:2025/12/9

也稱為:ALPINE-CVE-2025-65082BIT-apache-2025-65082

描述

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

受影響套件(3)

Alpine/apache2from 0, < 2.4.66-r0
Bitnami/apache>= 2.4.0, < 2.4.66
Debian/apache2from 0, < 2.4.66-1~deb11u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

參考連結(5)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2025-65082
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-65082
WEBhttps://httpd.apache.org/security/vulnerabilities_24.html
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-65082
WEBhttp://www.openwall.com/lists/oss-security/2025/12/04/7