CVE-2025-65082
MEDIUM | Platform: macOS | Changelog
CVE Details
Description
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.
This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.
Users are recommended to upgrade to version 2.4.66 which fixes the issue.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 6.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Weakness
References
- Apple Security Advisory
- NVD Entry
- https://httpd.apache.org/security/vulnerabilities_24.html (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2025/12/04/7 (Issue Tracking, Third Party Advisory)