CVE-2025-3891
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
2.0.0 < 2.4.13.1 | affected | ||
| Red Hat | Red Hat Enterprise Linux 8 | 8100020250426100353.489197e6 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 8020020250612174445.4cda2c84 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 8040020250618101351.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 8060020250617090503.ad008a3a < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 8060020250617090503.ad008a3a < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 8060020250617090503.ad008a3a < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 8080020250617090716.63b34585 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 8080020250617090716.63b34585 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.4.10-1.el9_6.2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:2.4.9.4-1.el9_0.3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:2.4.9.4-1.el9_2.3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:2.4.9.4-4.el9_4.2 < * | unaffected |
Weaknesses
- CWE-248: Uncaught Exception
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://access.redhat.com/errata/RHSA-2025:10002
- https://access.redhat.com/errata/RHSA-2025:10003
- https://access.redhat.com/errata/RHSA-2025:10004
- https://access.redhat.com/errata/RHSA-2025:10006
- https://access.redhat.com/errata/RHSA-2025:10007
- https://access.redhat.com/errata/RHSA-2025:10008
- https://access.redhat.com/errata/RHSA-2025:10010
- https://access.redhat.com/errata/RHSA-2025:4597
- https://access.redhat.com/errata/RHSA-2025:9396
- https://access.redhat.com/security/cve/CVE-2025-3891
- https://bugzilla.redhat.com/show_bug.cgi?id=2361633
- https://github.com/OpenIDC/mod_auth_openidc/commit/6a0b5f66c87184dfe0e4400f6bdd46a82dc0ec2b
- https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-x7cf-8wgv-5j86
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.