PT-2025-49180 · Apache+10 · Apache Http Server+10

Aisle Research · Published 2025-01-01 · Updated 2026-05-28 · CVE-2025-55753

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.30 through 2.4.65

Description

An integer overflow occurs during failed ACME certificate renewal. After approximately 30 days of failures with default configurations, the backoff timer reaches zero. Subsequent certificate renewal attempts are then repeated continuously without delay until successful.

Recommendations

Upgrade to version 2.4.66 to resolve the issue.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:23732
ALSA-2025:23738
ALSA-2025:23739
AZL-71851
AZL-71858
AZL-71863
AZL-71870
BDU:2025-15636
BIT-APACHE-2025-55753
CVE-2025-55753
MGASA-2025-0322
OESA-2026-1064
OESA-2026-1527
OESA-2026-1528
OESA-2026-1529
OESA-2026-1530
OESA-2026-1593
OPENSUSE-SU-2025:15808-1
OPENSUSE-SU-2026:20030-1
OPENSUSE-SU-2026:20810-1
RHSA-2025:23732
RHSA-2025:23738
RHSA-2025:23739
RHSA-2026:0009
RHSA-2026:0010
RHSA-2026:0011
RHSA-2026:0012
RHSA-2026:0029
RHSA-2026:0030
RHSA-2026:0092
RHSA-2026:0093
RHSA-2026:0094
RHSA-2026:2994
SUSE-SU-2025:4488-1
SUSE-SU-2025:4518-1
SUSE-SU-2026:0019-1
SUSE-SU-2026:0020-1
SUSE-SU-2026:20081-1
SUSE-SU-2026:21846-1
USN-7968-1
USN-8338-1

Affected Products

ALT Linux
AlmaLinux
Apache HTTP Server
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
Ubuntu