What is CVE-2025-54090?

CVE-2025-54090 is a vulnerability in Apache Software Foundation Http Server, classified under CWE-253. Published 2025-07-23.

Is CVE-2025-54090 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

EPSS: 0.009 (76.4th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 2.4.64

Weakness classification (CWE)

CWE-253

Public proof-of-concept exploits

8-cm/kube-dump

References

httpd.apache.org/security/vulnerabilities_24.html (vendor-advisory)

Frequently asked questions

What is CVE-2025-54090?: CVE-2025-54090 is a vulnerability in Apache Software Foundation Http Server, classified under CWE-253. Published 2025-07-23.
Is CVE-2025-54090 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.