- 262/2025
- High
Apache has released security updates to address multiple vulnerabilities affecting Apache HTTP Server versions before 2.4.66.
The addressed vulnerabilities could allow the attacker to perform denial-ofservice attacks, bypass security restrictions, obtain sensitive information, manipulate sensitive data, or execute code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Apache HTTP Server: Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-58098):
- CVSS: 8.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
2. Apache HTTP Server: Integer Overflow or Wraparound Vulnerability (CVE- 2025-55753):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2025-55753
- CVE-2025-58098
- CVE-2025-59775
- CVE-2025-65082
- CVE-2025-66200
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.