Unrated severityNVD Advisory· Published Jul 23, 2025· Updated Nov 4, 2025
Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
CVE-2025-54090
Description
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes the issue.
Affected products
2- Range: <=2.4.64
- Apache Software Foundation/Apache HTTP Serverv5Range: 2.4.64
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- httpd.apache.org/security/vulnerabilities_24.htmlmitrevendor-advisory
News mentions
0No linked articles in our index yet.