CVE-2025-55753

7.5 HIGH

📋 TL;DR

An integer overflow in Apache HTTP Server's ACME certificate renewal process causes the backoff timer to reset to zero after approximately 30 days of consecutive renewal failures. This leads to immediate, repeated certificate renewal attempts without delays, potentially causing denial of service through resource exhaustion. The vulnerability affects Apache HTTP Server versions 2.4.30 through 2.4.65.

💻 Affected Systems

Products:
  • Apache HTTP Server
Versions: 2.4.30 through 2.4.65
Operating Systems: All operating systems running affected Apache versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects servers using ACME for certificate renewal; requires approximately 30 consecutive days of renewal failures to trigger.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Continuous certificate renewal attempts consume server resources, leading to denial of service and potential service disruption for legitimate users.

🟠 Likely Case

Increased server load and resource consumption during certificate renewal failures, potentially impacting performance.

🟢 If Mitigated

Minimal impact with proper monitoring and quick certificate renewal success.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific conditions: ACME certificate renewal must fail repeatedly for ~30 days. This is not a typical remote code execution or authentication bypass vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.66

Vendor Advisory: https://httpd.apache.org/security/vulnerabilities_24.html

Restart Required: Yes

Instructions:

1. Download Apache HTTP Server 2.4.66 from the official Apache website.
2. Stop the Apache service.
3. Back up the current configuration files.
4. Install version 2.4.66.
5. Restore the configuration files.
6. Start the Apache service.

🔧 Temporary Workarounds

Monitor ACME Certificate Renewals

Ensure ACME certificate renewals succeed to prevent the 30-day failure condition from occurring.

# Check certificate renewal status regularly
# Example: Check ACME renewal logs
grep -i acme /var/log/apache2/error.log

🧯 If You Can't Patch

  • Implement monitoring for ACME certificate renewal failures and address them promptly.
  • Consider using alternative certificate management methods temporarily.

🔍 How to Verify

Check if Vulnerable:

Check the Apache version with 'httpd -v' or 'apache2 -v'. If the version is between 2.4.30 and 2.4.65 inclusive, the system is vulnerable.

Check Version:

httpd -v  # or apache2 -v

Verify Fix Applied:

After patching, verify that the version is 2.4.66 or higher using 'httpd -v' or 'apache2 -v'.

📡 Detection & Monitoring

Log Indicators:

  • Repeated ACME certificate renewal attempts without delays
  • Error logs showing certificate renewal failures

Network Indicators:

  • Increased traffic to ACME certificate authorities
  • Unusual patterns in certificate renewal requests

SIEM Query:

source="apache_error.log" AND "ACME" AND "renewal"
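The following is an added example, not part of this advisory or of Apache's code: it turns the "renewal attempts without delays" log indicator above into a check by parsing Apache error-log lines for failed ACME renewals and flagging any domain whose retries arrive faster than a sane backoff would allow. The log layout is Apache 2.4's; the ACME message wording, the sample lines and the function names are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the Apache 2.4 error-log layout. The wording of the
# ACME messages is illustrative, not mod_md's exact text. The first two
# failures are a day apart (healthy backoff); the last three are seconds apart.
SAMPLE_LOG = """\
[Mon Sep 01 03:00:00.000000 2025] [md:warn] [pid 101:tid 1] ACME renewal of example.com failed: connection refused
[Tue Sep 02 03:00:00.000000 2025] [md:warn] [pid 101:tid 1] ACME renewal of example.com failed: connection refused
[Wed Oct 01 03:00:00.000000 2025] [md:warn] [pid 101:tid 1] ACME renewal of example.com failed: connection refused
[Wed Oct 01 03:00:02.000000 2025] [md:warn] [pid 101:tid 1] ACME renewal of example.com failed: connection refused
[Wed Oct 01 03:00:04.000000 2025] [md:warn] [pid 101:tid 1] ACME renewal of example.com failed: connection refused
[Wed Oct 01 03:00:05.000000 2025] [md:notice] [pid 101:tid 1] Managed Domain example.com reloaded
"""

# Matches only renewal-failure lines from the md module; other md lines are ignored.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[md:(?P<level>\w+)\] \[pid [^\]]+\] "
    r"ACME renewal of (?P<domain>\S+) failed"
)
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"  # Apache default error-log timestamp


def renewal_failures(log_text):
    """Return (timestamp, domain) for every ACME renewal-failure line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], TS_FORMAT), m["domain"]))
    return events


def rapid_retry_domains(log_text, min_gap=timedelta(hours=1), min_hits=2):
    """Flag domains whose consecutive failed renewals are spaced closer than
    min_gap at least min_hits times: a working backoff never retries that fast."""
    last_seen, short_gaps = {}, {}
    for ts, domain in renewal_failures(log_text):
        prev = last_seen.get(domain)
        if prev is not None and ts - prev < min_gap:
            short_gaps[domain] = short_gaps.get(domain, 0) + 1
        last_seen[domain] = ts
    return {d: n for d, n in short_gaps.items() if n >= min_hits}


if __name__ == "__main__":
    for domain, n in rapid_retry_domains(SAMPLE_LOG).items():
        print(f"{domain}: {n} renewal retries faster than the expected backoff")
```

Point the script at the real error log (or feed it through the grep from the workaround above) and tune min_gap to the renewal interval you expect from your ACME setup.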
