CVE-2025-59775
05.12.2025, 11:15
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes Onand MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 2.4.0 ≤ 𝑥 < 2.4.66 |
𝑥
= Vulnerable software versions
Debian Releases
Vulnerability Media Exposure