Apache · Apache Http Server · CVE-2025-58098
**Name of the Vulnerable Software and Affected Versions**
Apache HTTP Server versions prior to 2.4.66
**Description**
The Apache HTTP Server, when configured with Server Side Includes (SSI) enabled and utilizing `mod cgid` (but not `mod cgi`), improperly handles shell-escaped query strings passed to `#exec cmd="..."` directives. This can lead to command execution. The issue occurs when the server passes the shell-escaped query string to the `cmd` attribute within the `#exec` directive.
**Recommendations**
Upgrade to version 2.4.66 or later.