- Description
- Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- http_server
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- security@apache.org
- CWE-150
- Hype score
- Not currently trending
Heads up, sysadmins! 📢 A critical Apache HTTP Server flaw (CVE-2025-65082) enables remote code execution via CGI. Versions 2.4.0-2.4.65 are vulnerable. 🚨 Patch NOW to 2.4.66 to secure your servers! #Apache #Cybersecurity #CVE https://t.co/2aDLGFjG4c
@fernandokarl
5 Dec 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-65082 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexp… https://t.co/qgIsWzJIRV
@CVEnew
5 Dec 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-65082 CVE-2025-65082 https://t.co/oTt6UgTvXa
@VulmonFeeds
4 Dec 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E190AC9-8786-444C-877C-DE4BC272331F",
"versionEndExcluding": "2.4.66",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]