CVE-2025-3891 โ€” Uncaught Exception in Linux

CWE-248 โ€” Uncaught Exception6 documents6 sources
Severity
7.5HIGHNVD
EPSS
1.3%
top 20.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LinuxRedhat Enterprise Linux
Timeline
PublishedApr 29

Description

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages0 packages

Also affects: Debian Linux 11.0, Enterprise Linux 7.0, 8.0, 9.0

๐Ÿ”ดVulnerability Details

3
CVEList
Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabledโ†—2025-04-29
โ–ถ
GHSA
GHSA-v96g-5j57-774c: A flaw was found in the mod_auth_openidc module for Apache httpdโ†—2025-04-29
โ–ถ
OSV
CVE-2025-3891: A flaw was found in the mod_auth_openidc module for Apache httpdโ†—2025-04-29
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Red Hat
mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabledโ†—2025-04-29
โ–ถ
Debian
CVE-2025-3891: libapache2-mod-auth-openidc - A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allo...โ†—2025
โ–ถ
CVE-2025-3891 โ€” Uncaught Exception in Debian Linux | cvebase