vulnerability

Debian: CVE-2025-65082: apache2 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Jan 12, 2026	Jan 12, 2026	Jan 26, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Jan 12, 2026

Added

Jan 12, 2026

Modified

Jan 26, 2026

Description

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

Solution

debian-upgrade-apache2

References

CVE-2025-65082
https://attackerkb.com/topics/CVE-2025-65082
CWE-150
DEBIAN-DLA-4452-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today