CVE-2025-54090

Summary

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr …" tests evaluating as "true".

Users are recommended to upgrade to version 2.4.65, which fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP Server2.4.64affected

Weaknesses

  • CWE-253: CWE-253 Incorrect Check of Function Return Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References