Security Advisory

CVE-2025-66200

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-05 11:02:25

Last updated 2025-12-05 17:38:36

Assigner apache

State PUBLISHED

Description

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

← Browse all CVEs View on cve.org ↗