DEBIAN-CVE-2025-66200

DEBIAN-CVE-2025-66200 PUBLISHED CVSS 5.4 MEDIUM

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Risk Scores

CVSS 3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | apache2 | 2.4.65-2, 2.4.65-3, 2.4.66-1~deb11u1 |
| Debian:12 | apache2 | *, 0, 2.4.57-2 |
| Debian:14 | apache2 | 2.4.65-2, 2.4.65-3, 2.4.66-1~deb11u1 |
| Debian:11 | apache2 | 0, 2.4.48-3.1, 2.4.48-3.1+deb11u1 |

Exploit Intelligence

Timeline

  • Dec 5, 2025 CVE Published
  • Apr 28, 2026 CVE Updated