Home > Vulnerability Database > CVE-2025-54090

Mend.io Vulnerability Database

CVE-2025-54090

Good to know:

Date: July 23, 2025

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

Severity Score

6.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54090

Url: https://news.ycombinator.com/item?id=44666896

Url: https://httpd.apache.org/security/vulnerabilities_24.html

Url: https://security.alpinelinux.org/vuln/CVE-2025-54090

Url: https://security-tracker.debian.org/tracker/CVE-2025-54090

Url: https://www.mend.io/vulnerability-database/CVE-2025-54090

Severity Score

6.3

Weakness Type (CWE)

Incorrect Check of Function Return Value

CWE-253

Top Fix

Upgrade Version

Upgrade to version https://github.com/apache/httpd.git - 2.4.65

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54090

Good to know:

Date: July 23, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?