CVE-2025-58098
published 2025-12-05
high 8.3 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives.
This issue affects Apache HTTP Server before 2.4.66.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | < 2.4.66 | 2.4.66 |
| apache_software_foundation | apache_http_server | < 2.4.66 | 2.4.66 |
| debian | apache2 | < apache2 2.4.66-1~deb12u1 (bookworm) | apache2 2.4.66-1~deb12u1 (bookworm) |
| msrc | azl3_httpd_2.4.65-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.85.1-4_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.92.2-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_httpd_2.4.65-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0 | — | — |
| ubuntu | apache2 | — | — |
CVSS provenance
nvd v3.1 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
osv 8.3 HIGH