CVE-2025-53020

CWE-401 — Memory Leak13 documents10 sources

Severity

7.5HIGH

EPSS

1.2%

top 21.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Apache Software Foundation Apache Http Server

Timeline

PublishedJul 10

Latest updateAug 19

Description

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDapache/http_server2.4.17 — 2.4.64

▶CVEListV5apache_software_foundation/apache_http_server2.4.17 — 2.4.63

▶Alpineapache2< 2.4.64-r0+4

▶Debianapache2< 2.4.65-1~deb11u1+3

▶Ubuntuapache2< 2.4.18-2ubuntu3.17+esm16+2

🔴Vulnerability Details

OSV

apache2 vulnerabilities↗2025-08-19

▶

OSV

CVE-2025-53020: Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server↗2025-07-10

▶

OSV

CVE-2025-53020: Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server↗2025-07-10

▶

CVEList

Apache HTTP Server: HTTP/2 DoS by Memory Increase↗2025-07-10

▶

GHSA

GHSA-c2vf-6g7v-8m6c: Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server↗2025-07-10

▶

📋Vendor Advisories

Ubuntu

Apache HTTP Server vulnerabilities↗2025-08-19

▶

Ubuntu

Apache HTTP Server vulnerabilities↗2025-07-16

▶

Red Hat

httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase↗2025-07-10

▶

Microsoft

Apache HTTP Server: HTTP/2 DoS by Memory Increase↗2025-07-08

▶

Debian

CVE-2025-53020: apache2 - Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Ser...↗2025

▶

💬Community

Bugzilla

CVE-2025-53020 httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase↗2025-07-10

▶