VYPR
Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 5, 2025

Apache HTTP Server: CGI environment variable override

CVE-2025-65082

Description

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.

This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.

Users are recommended to upgrade to version 2.4.66 which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

76

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.