Debian 11 Apache2 Critical Integer Overflow SSRF DLA-4452-1 CVE-2025-55753

Debian LTS, January 24, 2026
Debian LTS updates address critical integer overflow, SSRF issues in Apache2. Upgrade recommended for enhanced security.
Multiple vulnerabilities were fixed in Apache httpd, a popular web server.

Summary

CVE-2025-55753

An integer overflow in the handling of failed ACME certificate renewals
leads, after a number of failures (about 30 days in default configurations),
to the backoff timer becoming 0. Renewal attempts are then repeated
without delay until one succeeds.

CVE-2025-58098

Apache with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi)
passes the shell-escaped query string to #exec cmd="..." directives.

CVE-2025-59775

A Server-Side Request Forgery (SSRF) vulnerability was found in Apache
HTTP Server on Windows: with AllowEncodedSlashes On and MergeSlashes Off,
it can potentially leak NTLM hashes to a malicious server.

CVE-2025-65082

An Improper Neutralization of Escape, Meta, or Control Sequences
vulnerability was found in Apache HTTP Server: environment variables set
in the Apache configuration can unexpectedly supersede variables the
server computes for CGI programs.

CVE-2025-66200

Severity: critical

Package: apache2
Version: 2.4.66-1~deb11u1
CVE ID: CVE-2025-55753 CVE-2025-58098 CVE-2025-59775 CVE-2025-65082
Debian Bug: 1121926
