CVE-2025-53020

High

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up…

apache·CWE-401·Published 2025-07-10

CVSS

7.5

EPSS

0.03

KEV

Exploits

Vendor statements (1)

httpd.apache.org

cve.orgen

226 chars

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.

NVDes

270 chars

Vulnerabilidad de liberación tardía de memoria tras el tiempo de vida útil efectivo en el servidor Apache HTTP. Este problema afecta al servidor Apache HTTP desde la versión 2.4.17 hasta la 2.4.63. Se recomienda actualizar a la versión 2.4.64, que soluciona el problema.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H