{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-59775", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-09-19T12:13:44.078Z", "datePublished": "2025-12-05T10:17:03.852Z", "dateUpdated": "2025-12-05T19:28:44.631Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.4.65", "status": "affected", "version": "2.4.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Orange Tsai (@orange_8361) from DEVCORE"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\nServer-Side Request Forgery (SSRF) vulnerability \n\n&nbsp;in Apache HTTP Server on Windows \n\nwith <span style=\"background-color: rgb(247, 247, 247);\">AllowEncodedSlashes</span> <span style=\"background-color: rgb(247, 247, 247);\">On</span>&nbsp;and <span style=\"background-color: rgb(247, 247, 247);\">MergeSlashes</span> <span style=\"background-color: rgb(247, 247, 247);\">Off</span>&nbsp; allows to potentially leak NTLM \nhashes to a malicious server via SSRF and malicious requests or content</p><p>Users are recommended to upgrade to version 2.4.66, which fixes the issue.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability \n\n\u00a0in Apache HTTP Server on Windows \n\nwith AllowEncodedSlashes On\u00a0and MergeSlashes Off\u00a0 allows to potentially leak NTLM \nhashes to a malicious server via SSRF and malicious requests or content\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-12-05T10:17:03.852Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2025-09-10T12:00:00.000Z", "value": "reported"}, {"lang": "en", "time": "2025-12-01T12:00:00.000Z", "value": "fixed in 2.4.x by r1930166"}], "title": "Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/12/04/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-12-05T11:05:59.532Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T19:28:08.046980Z", "id": "CVE-2025-59775", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T19:28:44.631Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/12/04/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-12-05T11:05:59.532Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-59775", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T19:28:08.046980Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T19:28:39.426Z"}}], "cna": {"title": "Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Orange Tsai (@orange_8361) from DEVCORE"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache HTTP Server", "versions": [{"status": "affected", "version": "2.4.0", "versionType": "semver", "lessThanOrEqual": "2.4.65"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-10T12:00:00.000Z", "value": "reported"}, {"lang": "en", "time": "2025-12-01T12:00:00.000Z", "value": "fixed in 2.4.x by r1930166"}], "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability \n\n\u00a0in Apache HTTP Server on Windows \n\nwith AllowEncodedSlashes On\u00a0and MergeSlashes Off\u00a0 allows to potentially leak NTLM \nhashes to a malicious server via SSRF and malicious requests or content\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>\n\nServer-Side Request Forgery (SSRF) vulnerability \n\n&nbsp;in Apache HTTP Server on Windows \n\nwith <span style=\"background-color: rgb(247, 247, 247);\">AllowEncodedSlashes</span> <span style=\"background-color: rgb(247, 247, 247);\">On</span>&nbsp;and <span style=\"background-color: rgb(247, 247, 247);\">MergeSlashes</span> <span style=\"background-color: rgb(247, 247, 247);\">Off</span>&nbsp; allows to potentially leak NTLM \nhashes to a malicious server via SSRF and malicious requests or content</p><p>Users are recommended to upgrade to version 2.4.66, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-12-05T10:17:03.852Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59775", "state": "PUBLISHED", "dateUpdated": "2025-12-05T19:28:44.631Z", "dateReserved": "2025-09-19T12:13:44.078Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2025-12-05T10:17:03.852Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E190AC9-8786-444C-877C-DE4BC272331F", "versionEndExcluding": "2.4.66", "versionStartIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability \n\n\u00a0in Apache HTTP Server on Windows \n\nwith AllowEncodedSlashes On\u00a0and MergeSlashes Off\u00a0 allows to potentially leak NTLM \nhashes to a malicious server via SSRF and malicious requests or content\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue."}], "id": "CVE-2025-59775", "lastModified": "2025-12-10T16:40:04.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-12-05T11:15:52.210", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/12/04/6"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@apache.org", "type": "Secondary"}]}

{"bugzilla": {"description": "httpd: Apache HTTP Server: NTLM Leakage on Windows via SSRF", "id": "2419141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419141"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-918", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-59775", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "httpd:2.4/httpd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "jbcs-httpd24-httpd", "product_name": "Red Hat JBoss Core Services"}], "public_date": "2025-12-05T10:17:03Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-59775\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-59775\nhttps://httpd.apache.org/security/vulnerabilities_24.html"], "threat_severity": "Important"}

{"created": "2025-12-05T20:56:23.749578+00:00", "updated": "2025-12-05T20:56:23.749603+00:00", "vendors": ["apache", "apache$PRODUCT$http_server", "microsoft", "microsoft$PRODUCT$windows"]}