CVE-2025-49630 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
apache	http_server	2.4.26 ≤ 𝑥 < 2.4.64

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

apache2

bionic	Fixed 2.4.29-1ubuntu4.27+esm6 released
focal	Fixed 2.4.41-4ubuntu3.23+esm2 released
jammy	Fixed 2.4.52-1ubuntu4.15 released
noble	Fixed 2.4.58-1ubuntu8.7 released
plucky	Fixed 2.4.63-1ubuntu1.1 released
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

apache2

suse enterprise desktop 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise desktop 15 SP7	2.4.62-150700.4.3.1 fixed
suse enterprise sap 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise sap 15 SP7	2.4.62-150700.4.3.1 fixed
suse enterprise server 12 SP3	2.4.51-29.128.1 fixed
suse enterprise server 12 SP5	2.4.51-35.69.1 fixed
suse enterprise server 15 SP2	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP3	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise server 15 SP7	2.4.62-150700.4.3.1 fixed

apache2-devel

suse enterprise sap 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise sap 15 SP7	2.4.62-150700.4.3.1 fixed
suse enterprise server 12 SP5	2.4.51-35.69.1 fixed
suse enterprise server 15 SP2	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP3	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise server 15 SP7	2.4.62-150700.4.3.1 fixed

apache2-doc

suse enterprise sap 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP6	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP7	2.4.51-150400.6.46.1 fixed
suse enterprise server 12 SP3	2.4.51-29.128.1 fixed
suse enterprise server 12 SP5	2.4.51-35.69.1 fixed
suse enterprise server 15 SP2	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP3	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP6	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP7	2.4.51-150400.6.46.1 fixed

apache2-example-pages

suse enterprise server 12 SP3	2.4.51-29.128.1 fixed
suse enterprise server 12 SP5	2.4.51-35.69.1 fixed

apache2-prefork

suse enterprise desktop 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise desktop 15 SP7	2.4.62-150700.4.3.1 fixed
suse enterprise sap 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise sap 15 SP7	2.4.62-150700.4.3.1 fixed
suse enterprise server 12 SP3	2.4.51-29.128.1 fixed
suse enterprise server 12 SP5	2.4.51-35.69.1 fixed
suse enterprise server 15 SP2	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP3	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise server 15 SP7	2.4.62-150700.4.3.1 fixed

apache2-tls13

suse enterprise server 12 SP5

2.4.51-35.69.1

fixed

apache2-tls13-devel

suse enterprise server 12 SP5

2.4.51-35.69.1

fixed

apache2-tls13-doc

suse enterprise server 12 SP5

2.4.51-35.69.1

fixed

apache2-tls13-example-pages

suse enterprise server 12 SP5

2.4.51-35.69.1

fixed

apache2-tls13-prefork

suse enterprise server 12 SP5

2.4.51-35.69.1

fixed

apache2-tls13-utils

suse enterprise server 12 SP5

2.4.51-35.69.1

fixed

apache2-tls13-worker

suse enterprise server 12 SP5

2.4.51-35.69.1

fixed

apache2-utils

suse enterprise sap 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise sap 15 SP7	2.4.62-150700.4.3.1 fixed
suse enterprise server 12 SP3	2.4.51-29.128.1 fixed
suse enterprise server 12 SP5	2.4.51-35.69.1 fixed
suse enterprise server 15 SP2	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP3	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise server 15 SP7	2.4.62-150700.4.3.1 fixed

apache2-worker

suse enterprise sap 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise sap 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise sap 15 SP7	2.4.62-150700.4.3.1 fixed
suse enterprise server 12 SP3	2.4.51-29.128.1 fixed
suse enterprise server 12 SP5	2.4.51-35.69.1 fixed
suse enterprise server 15 SP2	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP3	2.4.51-150200.3.82.1 fixed
suse enterprise server 15 SP4	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP5	2.4.51-150400.6.46.1 fixed
suse enterprise server 15 SP6	2.4.58-150600.5.35.1 fixed
suse enterprise server 15 SP7	2.4.62-150700.4.3.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

mod

RHEL 9

0:2.0.26-4.el9_6.1

fixed

Common Weakness Enumeration

CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

https://httpd.apache.org/security/vulnerabilities_24.html

http://www.openwall.com/lists/oss-security/2025/07/10/2

http://www.openwall.com/lists/oss-security/2025/07/10/7

https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html