Severity
High
Analysis Summary
CVE-2025-58098 CVSS:8.3
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives.
CVE-2025-65082 CVSS:6.5
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server: environment variables set via the Apache configuration unexpectedly supersede variables calculated by the server for CGI programs.
CVE-2025-59775 CVSS:7.5
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off potentially allows NTLM hashes to be leaked to a malicious server via SSRF and malicious requests or content.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-58098
CVE-2025-65082
CVE-2025-59775
Affected Vendors
Affected Products
- Apache HTTP Server 2.4.0 - 2.4.65
Remediation
Refer to the Apache Security Advisory for patch, upgrade, or suggested workaround information.
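
To triage exposure before patching, the preconditions named in the Analysis Summary for CVE-2025-58098 and CVE-2025-59775 can be checked against a server's version banner and configuration text. The Python check below is an added example, not part of the original advisory or of Apache's tooling. Assumptions: the function names and the sample configuration are constructed for illustration, the configuration is read as one flat file (Include files, per-directory scoping and statically compiled modules are not resolved), and `Options All` is treated as enabling Includes.

```python
import re

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
LoadModule include_module modules/mod_include.so
LoadModule cgid_module modules/mod_cgid.so
# LoadModule cgi_module modules/mod_cgi.so
<Directory "/var/www/html">
    Options +Includes +ExecCGI
</Directory>
AllowEncodedSlashes On
MergeSlashes Off
"""

def parse_version(banner):
    """Extract (major, minor, patch) from a string such as 'Apache/2.4.65 (Unix)'."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def directives(conf_text):
    """Yield (name, args), lower-cased, for each non-comment directive line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue  # skip blanks, comments and section open/close tags
        parts = line.split()
        yield parts[0].lower(), [a.lower() for a in parts[1:]]

def audit(banner, conf_text, on_windows=False):
    """Return the CVE ids whose preconditions, as stated in the advisory, are met."""
    version = parse_version(banner)
    if version is None or not ((2, 4, 0) <= version <= (2, 4, 65)):
        return []  # outside the affected range given under Affected Products
    d = list(directives(conf_text))
    modules = {a[0] for n, a in d if n == "loadmodule" and a}
    # 'Includes' (or 'All') permits #exec; 'IncludesNOEXEC' does not.
    ssi_exec = any(n == "options" and any(o.lstrip("+") in ("includes", "all") for o in a)
                   for n, a in d)
    last = {n: a[0] for n, a in d if a}  # last occurrence wins in this flat view
    findings = []
    if (ssi_exec and "include_module" in modules
            and "cgid_module" in modules and "cgi_module" not in modules):
        findings.append("CVE-2025-58098")
    if on_windows and last.get("allowencodedslashes") == "on" and last.get("mergeslashes") == "off":
        findings.append("CVE-2025-59775")
    return findings
```

CVE-2025-65082 is not flagged by this check because the advisory text gives no directive-level precondition for it beyond the affected version range.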

