CVE-2025-54090
Published: July 24, 2025Last modified: August 6, 2025
Description
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.3 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | LOW |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | apache2 | Fixed (2.4.65-r0) |
| 25 LTS | apache2 | Fixed (2.4.65-r0) | |
| Stream | apache2 | Fixed (2.4.65-r0) |