DEBIAN-CVE-2025-59775

DEBIAN-CVE-2025-59775 REJECTED CVSS 7.5 HIGH

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	apache2	0, 2.4.48-3.1, 2.4.48-3.1+deb11u1

Timeline

Jan 26, 2026 CVE Rejected

References

https://security-tracker.debian.org/tracker/CVE-2025-59775 advisory

Open in Interactive Console →