vulnerability

Apache HTTPD: CVE-2025-53020: Missing Release of Memory after Effective Lifetime

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Jul 10, 2025	Jul 18, 2025	Mar 25, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Jul 10, 2025

Added

Jul 18, 2025

Modified

Mar 25, 2026

Description

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.

This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.

Users are recommended to upgrade to version 2.4.64, which fixes the issue.

Solution

apache-httpd-upgrade-latest

References

CVE-2025-53020
https://attackerkb.com/topics/CVE-2025-53020
https://httpd.apache.org/security/vulnerabilities_24.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-21015
CWE-401
EUVD-EUVD-2025-21015

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today