Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-66200

Опубликовано: 05 дек. 2025
Источник: debian
EPSS Низкий

Описание

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.66-1package
apache2no-dsatrixiepackage
apache2no-dsabookwormpackage
apache2postponedbullseyepackage

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200

  • https://github.com/apache/httpd/commit/9d26b95787b229a3f6195d7beead774d131eeda1

EPSS

Процентиль: 13%
0.00042
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-66200

CVSS3: 5.4
ubuntu
13 дней назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

nvd логотип

CVE-2025-66200

CVSS3: 5.4
nvd
13 дней назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

msrc логотип

CVE-2025-66200

msrc
11 дней назад

Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

github логотип

GHSA-3j3g-3pw9-9vcc

CVSS3: 5.4
github
12 дней назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

fstec логотип

BDU:2025-15638

CVSS3: 5.4
fstec
29 дней назад

Уязвимость модуля mod_userdir веб-сервера Apache HTTP Server, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

EPSS

Процентиль: 13%
0.00042
Низкий