CVE-2025-53020

EUVD-2025-21015
Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.

This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.

Users are recommended to upgrade to version 2.4.64, which fixes the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
apachehttp_server
2.4.17 ≤
𝑥
< 2.4.64
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache2
bookworm
2.4.68-1~deb12u1
fixed
bookworm (security)
2.4.67-1~deb12u3
fixed
bullseye
vulnerable
bullseye (security)
2.4.67-1~deb11u3
fixed
forky
2.4.68-1
fixed
sid
2.4.68-1
fixed
trixie
2.4.68-1~deb13u1
fixed
trixie (security)
2.4.67-1~deb13u3
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apache2
suse enterprise desktop 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise desktop 15 SP7
2.4.62-150700.4.3.1
fixed
suse enterprise sap 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.4.51-29.128.1
fixed
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.4.3.1
fixed
apache2-devel
suse enterprise sap 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.4.3.1
fixed
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.4.3.1
fixed
apache2-doc
suse enterprise sap 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP6
2.4.51-150400.6.46.1
fixed
suse enterprise sap 15 SP7
2.4.51-150400.6.46.1
fixed
suse enterprise server 12 SP3
2.4.51-29.128.1
fixed
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP6
2.4.51-150400.6.46.1
fixed
suse enterprise server 15 SP7
2.4.51-150400.6.46.1
fixed
apache2-example-pages
suse enterprise server 12 SP3
2.4.51-29.128.1
fixed
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
apache2-prefork
suse enterprise desktop 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise desktop 15 SP7
2.4.62-150700.4.3.1
fixed
suse enterprise sap 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.4.51-29.128.1
fixed
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.4.3.1
fixed
apache2-tls13
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
apache2-tls13-devel
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
apache2-tls13-doc
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
apache2-tls13-example-pages
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
apache2-tls13-prefork
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
apache2-tls13-utils
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
apache2-tls13-worker
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
apache2-utils
suse enterprise sap 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.4.51-29.128.1
fixed
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.4.3.1
fixed
apache2-worker
suse enterprise sap 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise sap 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise sap 15 SP7
2.4.62-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.4.51-29.128.1
fixed
suse enterprise server 12 SP5
2.4.51-35.69.1
fixed
suse enterprise server 15 SP2
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP3
2.4.51-150200.3.82.1
fixed
suse enterprise server 15 SP4
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP5
2.4.66-150400.6.57.1
fixed
suse enterprise server 15 SP6
2.4.58-150600.5.35.1
fixed
suse enterprise server 15 SP7
2.4.62-150700.4.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
mod
RHEL 9
0:2.0.26-6.el9_8
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
httpd
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-core
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-core-debuginfo
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-debuginfo
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-debugsource
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-devel
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-filesystem
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-manual
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-tools
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
httpd-tools-debuginfo
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
mod_ldap
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
mod_ldap-debuginfo
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
mod_lua
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
mod_lua-debuginfo
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
mod_md
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
mod_proxy_html
Amazon Linux 2
1:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
1:2.4.64-1.amzn2023.0.1
fixed
mod_proxy_html-debuginfo
Amazon Linux 2023
1:2.4.64-1.amzn2023.0.1
fixed
mod_session
Amazon Linux 2
0:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
mod_session-debuginfo
Amazon Linux 2023
0:2.4.64-1.amzn2023.0.1
fixed
mod_ssl
Amazon Linux 2
1:2.4.64-1.amzn2.0.1
fixed
Amazon Linux 2023
1:2.4.64-1.amzn2023.0.1
fixed
mod_ssl-debuginfo
Amazon Linux 2023
1:2.4.64-1.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
httpd
Azure Linux 3.0
0:2.4.64-1.azl3
fixed
CBL-Mariner 2.0
0:2.4.64-1.cm2
fixed