PT-2025-18145 · Apache+8 · Apache Http Server+8

Published: 2024-07-29 · Updated: 2025-12-29 · CVE-2025-3891

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache httpd mod_auth_openidc module (affected versions not specified)

Description

A flaw in the mod_auth_openidc module for Apache httpd allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, which affects availability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Weakness Enumeration

Related Identifiers

ALSA-2025:4597
ALSA-2025:9396
ALT-PU-2023-8441
BDU:2025-10948
BIT-APACHE-2025-3891
CESA-2025_4597
CVE-2025-3891
DLA-4155-1
DSA-5917-1
GHSA-X7CF-8WGV-5J86
INFSA-2025_4597
INFSA-2025_9396
RHSA-2025:10002
RHSA-2025:10003
RHSA-2025:10004
RHSA-2025:10006
RHSA-2025:10007
RHSA-2025:10008
RHSA-2025:10010
RHSA-2025:4597
RHSA-2025:9396
RHSA-2025_4597
RHSA-2025_9396
SUSE-SU-2025:01585-1
SUSE-SU-2025:01953-1
SUSE-SU-2025:01962-1
SUSE-SU-2025:4532-1
SUSE-SU-2025_01585-1
SUSE-SU-2025_01953-1
SUSE-SU-2025_01962-1

Affected Products

Alt Linux
Almalinux
Apache Http Server
Centos
Debian
Red Hat
Red Os
Rocky Linux
Suse