Vulnerability Details CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.
This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.
Users are recommended to upgrade to version 2.4.66 which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.0%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2025-65082
-
cpe:2.3:a:apache:http_server:2.4.0
-
cpe:2.3:a:apache:http_server:2.4.1
-
cpe:2.3:a:apache:http_server:2.4.10
-
cpe:2.3:a:apache:http_server:2.4.11
-
cpe:2.3:a:apache:http_server:2.4.12
-
cpe:2.3:a:apache:http_server:2.4.13
-
cpe:2.3:a:apache:http_server:2.4.14
-
cpe:2.3:a:apache:http_server:2.4.15
-
cpe:2.3:a:apache:http_server:2.4.16
-
cpe:2.3:a:apache:http_server:2.4.17
-
cpe:2.3:a:apache:http_server:2.4.18
-
cpe:2.3:a:apache:http_server:2.4.19
-
cpe:2.3:a:apache:http_server:2.4.2
-
cpe:2.3:a:apache:http_server:2.4.20
-
cpe:2.3:a:apache:http_server:2.4.21
-
cpe:2.3:a:apache:http_server:2.4.22
-
cpe:2.3:a:apache:http_server:2.4.23
-
cpe:2.3:a:apache:http_server:2.4.24
-
cpe:2.3:a:apache:http_server:2.4.25
-
cpe:2.3:a:apache:http_server:2.4.26
-
cpe:2.3:a:apache:http_server:2.4.27
-
cpe:2.3:a:apache:http_server:2.4.28
-
cpe:2.3:a:apache:http_server:2.4.29
-
cpe:2.3:a:apache:http_server:2.4.3
-
cpe:2.3:a:apache:http_server:2.4.30
-
cpe:2.3:a:apache:http_server:2.4.31
-
cpe:2.3:a:apache:http_server:2.4.32
-
cpe:2.3:a:apache:http_server:2.4.33
-
cpe:2.3:a:apache:http_server:2.4.34
-
cpe:2.3:a:apache:http_server:2.4.35
-
cpe:2.3:a:apache:http_server:2.4.36
-
cpe:2.3:a:apache:http_server:2.4.37
-
cpe:2.3:a:apache:http_server:2.4.38
-
cpe:2.3:a:apache:http_server:2.4.39
-
cpe:2.3:a:apache:http_server:2.4.4
-
cpe:2.3:a:apache:http_server:2.4.40
-
cpe:2.3:a:apache:http_server:2.4.41
-
cpe:2.3:a:apache:http_server:2.4.42
-
cpe:2.3:a:apache:http_server:2.4.43
-
cpe:2.3:a:apache:http_server:2.4.44
-
cpe:2.3:a:apache:http_server:2.4.45
-
cpe:2.3:a:apache:http_server:2.4.46
-
cpe:2.3:a:apache:http_server:2.4.47
-
cpe:2.3:a:apache:http_server:2.4.48
-
cpe:2.3:a:apache:http_server:2.4.49
-
cpe:2.3:a:apache:http_server:2.4.5
-
cpe:2.3:a:apache:http_server:2.4.50
-
cpe:2.3:a:apache:http_server:2.4.51
-
cpe:2.3:a:apache:http_server:2.4.52
-
cpe:2.3:a:apache:http_server:2.4.53
-
cpe:2.3:a:apache:http_server:2.4.54
-
cpe:2.3:a:apache:http_server:2.4.55
-
cpe:2.3:a:apache:http_server:2.4.56
-
cpe:2.3:a:apache:http_server:2.4.57
-
cpe:2.3:a:apache:http_server:2.4.58
-
cpe:2.3:a:apache:http_server:2.4.59
-
cpe:2.3:a:apache:http_server:2.4.6
-
cpe:2.3:a:apache:http_server:2.4.60
-
cpe:2.3:a:apache:http_server:2.4.61
-
cpe:2.3:a:apache:http_server:2.4.62
-
cpe:2.3:a:apache:http_server:2.4.63
-
cpe:2.3:a:apache:http_server:2.4.64
-
cpe:2.3:a:apache:http_server:2.4.65
-
cpe:2.3:a:apache:http_server:2.4.7
-
cpe:2.3:a:apache:http_server:2.4.8
-
cpe:2.3:a:apache:http_server:2.4.9