Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-66200

Опубликовано: 05 дек. 2025
Источник: debian
EPSS Низкий

Описание

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.66-1package
apache2fixed2.4.66-1~deb13u1trixiepackage
apache2fixed2.4.66-1~deb12u1bookwormpackage

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200

  • https://github.com/apache/httpd/commit/9d26b95787b229a3f6195d7beead774d131eeda1

EPSS

Процентиль: 15%
0.00048
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-66200

CVSS3: 5.4
ubuntu
2 месяца назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

nvd логотип

CVE-2025-66200

CVSS3: 5.4
nvd
2 месяца назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

msrc логотип

CVE-2025-66200

CVSS3: 5.4
msrc
около 2 месяцев назад

Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

github логотип

GHSA-3j3g-3pw9-9vcc

CVSS3: 5.4
github
2 месяца назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

fstec логотип

BDU:2025-15638

CVSS3: 5.4
fstec
3 месяца назад

Уязвимость модуля mod_userdir веб-сервера Apache HTTP Server, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

EPSS

Процентиль: 15%
0.00048
Низкий