Unrated severity · NVD Advisory · Published Dec 5, 2025 · Updated Dec 5, 2025
Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
CVE-2025-59775
Description
A Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off potentially allows NTLM hashes to be leaked to a malicious server via SSRF and malicious requests or content.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Affected products
- (no CPE) range: < 2.4.66
- (no CPE) range: 2.4.0
- osv-coords (2 versions):
  - (no CPE) range: >= 2.4.0, < 2.4.66
  - (no CPE) range: < 2.4.66-1.1
References
- httpd.apache.org/security/vulnerabilities_24.html (mitre, vendor-advisory)