Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: Apache2 Important Patch for Bypass and Server Fix 2025:4518-1

suse
Calendar Grey December 24, 2025
Dist Suse Esm H88
Update addresses four important issues in Apache2, improving security and functionality on SUSE systems. Immediate install recommended.
An update that solves four vulnerabilities can now be installed.

Summary

## This update for apache2 fixes the following issues: * CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) * CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) * CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) * CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4518=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4518=1

References

* bsc#1254511

* bsc#1254512

* bsc#1254514

* bsc#1254515

Cross-

* CVE-2025-55753

* CVE-2025-58098

* CVE-2025-65082

* CVE-2025-66200

CVSS scores:

* CVE-2025-55753 ( SUSE ): 6.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-55753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-58098 ( SUSE ): 6.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-58098 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

* CVE-2025-65082 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:4518-1
Release Date: 2025-12-23T19:07:46Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here