CVE-2025-54090
Public on 2025-07-23
Modified on 2025-07-27
Description
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes the issue.
Users are recommended to upgrade to version 2.4.65, which fixes the issue.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | httpd | No Fix Planned | ||
| Amazon Linux 2 - Core | httpd | 2025-09-04 | ALAS2-2025-2982 | Fixed |
| Amazon Linux 2023 | httpd | 2025-09-15 | ALAS2023-2025-1183 | Fixed |
| Amazon Linux 1 | httpd24 | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |