vulnerability
Amazon Linux 2023: CVE-2025-54571: Medium priority package update for mod_security
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Aug 5, 2025 | Sep 9, 2025 | Dec 4, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Aug 5, 2025
Added
Sep 9, 2025
Modified
Dec 4, 2025
Description
A flaw was found in mod_security. The engine may allow attackers to manipulate the HTTP response’s Content-Type header, enabling them to influence downstream processes or applications. This manipulation can be achieved remotely without authentication. Consequently, an attacker can alter the expected content type of responses, leading to unpredictable behavior or vulnerabilities in dependent systems.
Solutions
amazon-linux-2023-upgrade-mod-securityamazon-linux-2023-upgrade-mod-security-debuginfoamazon-linux-2023-upgrade-mod-security-debugsourceamazon-linux-2023-upgrade-mod-security-mlogcamazon-linux-2023-upgrade-mod-security-mlogc-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.