Ubuntu: USN-7968-1 (CVE-2025-66200): Apache HTTP Server vulnerabilities

Severity: 6
CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:P)
Published: Dec 5, 2025
Added: Jan 20, 2026
Modified: Jan 21, 2026

Description

It was discovered that the Apache HTTP Server incorrectly handled failed
ACME certificate renewals. This could result in renewal attempts being
repeated without delays, possibly leading to a denial of service.
(CVE-2025-55753)

Anthony Parfenov discovered that the Apache HTTP Server would pass the
query string to cmd directives when configured with Server Side Includes
(SSI) enabled and mod_cgid. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-58098)

Mattias Åsander discovered that the Apache HTTP Server incorrectly
neutralized certain environment variables. This could result in
unexpectedly superseding variables calculated by the server for CGI
programs. (CVE-2025-65082)

Mattias Åsander discovered that the Apache HTTP Server incorrectly
handled AllowOverride FileInfo configurations when using mod_userdir with
suexec. An attacker with access to use the RequestHeader directive in
htaccess can cause some CGI scripts to run under an unexpected userid.
(CVE-2025-66200)
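
A coarse configuration check for the preconditions described above for CVE-2025-58098 and CVE-2025-66200, as an added example that is not part of the advisory or of any Ubuntu or Apache tooling. It assumes the standard Apache module identifiers (include_module, cgid_module, userdir_module, suexec_module), looks at the whole configuration text rather than per-directory scope, and runs on a constructed sample:

```python
# Added example: flags the configuration preconditions this advisory names.
# Module identifiers are the standard Apache LoadModule names (an assumption
# about the host); the sample configuration below is constructed.

def parse_config(text):
    """Collect loaded modules, AllowOverride classes and enabled Options."""
    modules, overrides, options = set(), set(), set()
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        name, args = tokens[0].lower(), tokens[1:]
        if name == "loadmodule" and args:
            modules.add(args[0].lower())
        elif name == "allowoverride":
            overrides.update(a.lower() for a in args)
        elif name == "options":
            # "-Includes" switches an option off; "+Includes" or bare enables it.
            options.update(a.lstrip("+").lower() for a in args if not a.startswith("-"))
    return modules, overrides, options


def exposed_preconditions(text):
    """Return the CVE ids whose described configuration appears in the text."""
    modules, overrides, options = parse_config(text)
    hits = []
    # CVE-2025-58098: SSI enabled together with mod_cgid ("All" implies Includes).
    if {"include_module", "cgid_module"} <= modules and options & {"includes", "all"}:
        hits.append("CVE-2025-58098")
    # CVE-2025-66200: AllowOverride FileInfo (or All) with mod_userdir and suexec.
    if {"userdir_module", "suexec_module"} <= modules and overrides & {"fileinfo", "all"}:
        hits.append("CVE-2025-66200")
    return hits


SAMPLE = """\
# constructed sample, not taken from a real host
LoadModule include_module /usr/lib/apache2/modules/mod_include.so
LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so
LoadModule userdir_module /usr/lib/apache2/modules/mod_userdir.so
LoadModule suexec_module /usr/lib/apache2/modules/mod_suexec.so
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig
    Options -Includes +ExecCGI
</Directory>
"""

if __name__ == "__main__":
    for cve in exposed_preconditions(SAMPLE):
        print("configuration matches the precondition for", cve)
```

A match only shows that the described configuration is present on the host; it says nothing about whether the installed package is already fixed.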

Solution

ubuntu-upgrade-apache2