CVE-2025-54090

Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64

CVSS 6.3 MEDIUMEPSS 0.7%CWE-253

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Productos afectados

Apache Software Foundation · Apache HTTP Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://httpd.apache.org/security/vulnerabilities_24.html https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html https://news.ycombinator.com/item?id=44666896 http://www.openwall.com/lists/oss-security/2025/07/24/2