Description

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

Remediation

References

CVE-2025-54090

Related Vulnerabilities

WordPress Plugin Captcha by BestWebSoft Security Bypass (4.0.6)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1113)

WordPress Plugin ARI Adminer-WordPress Database Manager Cross-Site Request Forgery (1.1.13)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13590)

Perl Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-6329)

Severity

Medium

Classification

CVE-2025-54090 CWE-253 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities