CVE-2025-65082

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to manipulate CGI program behavior by injecting malicious environment variables through Apache configuration. It affects Apache HTTP Server versions 2.4.0 through 2.4.65 when CGI functionality is enabled. Attackers could potentially execute arbitrary code or bypass security controls.

💻 Affected Systems

Products:
  • Apache HTTP Server
Versions: 2.4.0 through 2.4.65
Operating Systems: All operating systems running affected Apache versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when CGI functionality is enabled and configured. Default Apache configurations typically don't enable CGI.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with web server privileges, leading to complete system compromise.

🟠 Likely Case

Information disclosure, privilege escalation, or limited command execution depending on CGI script functionality.

🟢 If Mitigated

No impact if CGI functionality is disabled or proper input validation is implemented in CGI scripts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires understanding of Apache configuration and CGI environment variable handling. No public exploits available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.66

Vendor Advisory: https://httpd.apache.org/security/vulnerabilities_24.html

Restart Required: Yes

Instructions:

1. Download Apache 2.4.66 from official Apache website.
2. Stop Apache service.
3. Backup current configuration.
4. Install new version.
5. Restore configuration.
6. Start Apache service.

🔧 Temporary Workarounds

Disable CGI functionality

all

Remove or disable CGI modules and configurations if not required

# Comment out or remove LoadModule cgi_module lines in httpd.conf
# Remove or disable CGI-related configurations

Restrict CGI execution

all

Limit CGI execution to specific directories with strict permissions

# In httpd.conf: Options -ExecCGI turns CGI execution off for the named directory
<Directory "/path/to/cgi-bin">
    Options -ExecCGI
</Directory>

🧯 If You Can't Patch

  • Implement strict input validation in all CGI scripts
  • Use web application firewall (WAF) rules to block suspicious environment variable manipulation attempts

🔍 How to Verify

Check if Vulnerable:

Check Apache version and CGI module status: httpd -v and check for LoadModule cgi_module in configuration

Check Version:

httpd -v | grep 'Apache/'

Verify Fix Applied:

Verify Apache version is 2.4.66 or higher: httpd -v
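
The two checks above (version in 2.4.0 through 2.4.65, CGI module loaded) combined into one script. This is an added example, not vendor tooling or part of the original advisory; the function names, the sample `httpd -v` line and the sample config are constructed, and matching `cgid_module` alongside the page's `cgi_module` is an assumption.

```shell
#!/bin/sh
# Added example: combine the page's two checks. Function names are hypothetical.

# version_affected "<httpd -v output>"
# returns 0 if the version is 2.4.0 through 2.4.65, 1 if not, 2 if unparsable.
version_affected() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1)
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$major" -eq 2 ] && [ "$minor" -eq 4 ] && [ "$patch" -le 65 ]
}

# cgi_module_loaded <config-file>
# returns 0 if an uncommented LoadModule line loads cgi_module (named on the
# page) or cgid_module (assumption: threaded MPMs load mod_cgid instead).
cgi_module_loaded() {
    grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+cgid?_module[[:space:]]' "$1"
}

# assess "<httpd -v output>" <config-file>
# prints a verdict; returns 0 only when both conditions from the page hold.
assess() {
    if ! version_affected "$1"; then
        echo "not in affected range (or version unparsable)"; return 1
    fi
    if cgi_module_loaded "$2"; then
        echo "affected version with CGI module loaded: upgrade to 2.4.66"; return 0
    fi
    echo "affected version, CGI module not loaded in $2"; return 1
}

# Constructed sample input (not captured from a real host).
SAMPLE_VERSION='Server version: Apache/2.4.62 (Unix)'
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
#LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
EOF
assess "$SAMPLE_VERSION" "$SAMPLE_CONF" || true
rm -f "$SAMPLE_CONF"
```

On a live host, `httpd -M` lists the modules actually loaded, which also covers `Include`d files that a single-file scan misses. Distribution packages can carry backported fixes under an unchanged upstream version string, so confirm against the package changelog before concluding a host is exposed.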

📡 Detection & Monitoring

Log Indicators:

  • Unusual CGI script execution patterns
  • Errors related to environment variable handling in error_log

Network Indicators:

  • HTTP requests attempting to manipulate CGI environment variables

SIEM Query:

source="apache_access" AND (uri="*.cgi" OR uri="*.pl") AND (user_agent CONTAINS suspicious_pattern OR referer CONTAINS suspicious_pattern)
