CVE-2025-66200 | THREATINT

Description

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

PUBLISHED Reserved 2025-11-24 | Published 2025-12-05 | Updated 2025-12-05 | Assigner apache

Problem types

mod_userdir+suexec bypass via AllowOverride FileInfo

Product status

Default status

unaffected

2.4.7 (semver)

affected

Timeline

2025-11-19:	reported
2025-12-01:	fixed in 2.4.x by r1930168

Credits

Mattias Åsander (Umeå University) finder

References

www.openwall.com/lists/oss-security/2025/12/04/8

httpd.apache.org/security/vulnerabilities_24.html vendor-advisory

cve.org (CVE-2025-66200)

nvd.nist.gov (CVE-2025-66200)