PT-2025-49184 · Apache · Apache HTTP Server

Mattias Åsander · Published 2025-01-01 · Updated 2026-05-28 · CVE-2025-66200

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.7 through 2.4.65

Description: A flaw in Apache HTTP Server allows the user isolation provided by mod_userdir in combination with suexec to be bypassed through the AllowOverride FileInfo functionality. A user who can place a RequestHeader directive in an .htaccess file can cause CGI scripts to execute under an unintended user ID.

Recommendations: Upgrade to version 2.4.66 to resolve this issue.

Fix

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel
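The following audit helper is an added example and is not part of this advisory or of the Apache HTTP Server project. It checks a reported `httpd -v` banner against the affected range 2.4.7 through 2.4.65 given above, and scans httpd.conf text for `<Directory>` blocks that grant the FileInfo override (directly or via `All`) while `UserDir` and `mod_suexec` are enabled, which is the combination the description names. The configuration samples, the version banners and the interim hardening shown (dropping FileInfo from `AllowOverride` on user directories until the upgrade to 2.4.66 is done) are constructed assumptions, not guidance taken from the advisory.

```python
"""Audit helper for the Apache httpd issue described above (CVE-2025-66200).

Added example, not the advisory's or the Apache project's code. It assumes:
  - the affected range 2.4.7..2.4.65 and the fix in 2.4.66 stated on the page;
  - exposure needs all of: affected version, UserDir enabled, mod_suexec loaded,
    and a <Directory> block whose AllowOverride includes FileInfo (or All),
    since FileInfo is what lets .htaccess use RequestHeader.
Config text and version banners below are constructed samples.
"""
import re

AFFECTED_MIN = (2, 4, 7)
AFFECTED_MAX = (2, 4, 65)
FIXED = (2, 4, 66)


def parse_version(banner: str):
    """Extract (major, minor, patch) from an 'httpd -v' banner such as
    'Server version: Apache/2.4.65 (Unix)'. Returns None if not found."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX


def grants_fileinfo(override_value: str) -> bool:
    """AllowOverride FileInfo (or All) lets .htaccess use RequestHeader."""
    return any(t.lower() in ("all", "fileinfo") for t in override_value.split())


def audit_config(conf_text: str) -> dict:
    """Return whether UserDir and suexec are in use and which <Directory>
    blocks grant the FileInfo override. Paths are reported as written."""
    userdir_on = bool(re.search(r"^\s*UserDir\s+(?!disabled\b)\S",
                                conf_text, re.M | re.I))
    suexec_on = bool(re.search(r"^\s*LoadModule\s+suexec_module\b",
                               conf_text, re.M | re.I))
    findings = []
    for block in re.finditer(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>',
                             conf_text, re.S | re.I):
        path, body = block.group(1), block.group(2)
        for ov in re.finditer(r"^\s*AllowOverride\s+(.+)$", body, re.M | re.I):
            if grants_fileinfo(ov.group(1)):
                findings.append((path, ov.group(1).strip()))
    return {"userdir": userdir_on, "suexec": suexec_on, "fileinfo_dirs": findings}


def exposed(banner: str, conf_text: str) -> bool:
    """Combine the version check with the configuration audit (assumption:
    all conditions must hold for the bypass path to be reachable)."""
    r = audit_config(conf_text)
    return (is_affected(parse_version(banner)) and r["userdir"]
            and r["suexec"] and bool(r["fileinfo_dirs"]))


# Constructed sample: UserDir plus suexec, with FileInfo granted to user dirs.
SAMPLE_CONF = """
LoadModule userdir_module modules/mod_userdir.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule headers_module modules/mod_headers.so
UserDir public_html
UserDir disabled root

<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit
    Options ExecCGI
    Require all granted
</Directory>

<Directory "/var/www/html">
    AllowOverride None
    Require all granted
</Directory>
"""

# Constructed interim hardening: same server, FileInfo no longer overridable
# from .htaccess in user directories (upgrade to 2.4.66 remains the fix).
HARDENED_CONF = SAMPLE_CONF.replace("AllowOverride FileInfo AuthConfig Limit",
                                    "AllowOverride AuthConfig Limit")

VULN_BANNER = "Server version: Apache/2.4.65 (Unix)"
FIXED_BANNER = "Server version: Apache/2.4.66 (Unix)"

if __name__ == "__main__":
    for name, banner, conf in (("vulnerable", VULN_BANNER, SAMPLE_CONF),
                               ("hardened config", VULN_BANNER, HARDENED_CONF),
                               ("upgraded", FIXED_BANNER, SAMPLE_CONF)):
        print(f"{name}: exposed={exposed(banner, conf)} "
              f"fileinfo_dirs={audit_config(conf)['fileinfo_dirs']}")
```

Run it against a real `httpd -v` banner and the output of `httpd -t -D DUMP_CONFIG` (or the concatenated config files) to see which directories would need attention; the hardened sample only removes the FileInfo override, so `Options ExecCGI` and suexec remain in place for legitimate per-user CGI.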

Related Identifiers

ALSA-2025:23732
ALSA-2025:23919
ALSA-2025:23932
AZL-71528
AZL-71590
BDU:2025-15638
BIT-APACHE-2025-66200
CVE-2025-66200
MGASA-2025-0322
OESA-2026-1527
OESA-2026-1528
OESA-2026-1529
OESA-2026-1592
OESA-2026-1593
OPENSUSE-SU-2025:15808-1
OPENSUSE-SU-2026:20030-1
OPENSUSE-SU-2026:20810-1
RHSA-2026:2994
RHSA-2026:5156
SUSE-SU-2025:4488-1
SUSE-SU-2025:4518-1
SUSE-SU-2026:0019-1
SUSE-SU-2026:0020-1
SUSE-SU-2026:20081-1
USN-7968-1
USN-8338-1

Affected Products

Alt Linux
Almalinux
Apache Http Server
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Red Os
Rocky Linux
Ubuntu