CVE-2025-53020

{"id": "CVE-2025-53020", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-10T17:15:48.337", "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/10/10", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de liberaci\u00f3n tard\u00eda de memoria tras el tiempo de vida \u00fatil efectivo en el servidor Apache HTTP. Este problema afecta al servidor Apache HTTP desde la versi\u00f3n 2.4.17 hasta la 2.4.63. Se recomienda actualizar a la versi\u00f3n 2.4.64, que soluciona el problema."}], "lastModified": "2025-11-04T22:16:21.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD8F0C5C-64B1-4F7D-91B1-B2B87CD824B2", "versionEndExcluding": "2.4.64", "versionStartIncluding": "2.4.17"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}