What is the CVSS score of CVE-2025-55753?

CVE-2025-55753 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Ubuntu are affected by CVE-2025-55753?

Apache HTTP Server versions 2.4.30-2.4.65 contain a vulnerability that causes certificate renewal processes to fail silently and then repeatedly attempt renewal without delays after approximately 30…. A patch is available.

Is there a public PoC exploit available for CVE-2025-55753?

Yes, a public proof-of-concept exploit is available for CVE-2025-55753. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-55753?

Within 24 hours: Inventory all systems running Apache HTTP Server and identify instances with versions 2.4.30-2.4.65. Within 7 days: Develop and test a patching plan for upgrade to version 2.4.66 in your change management process. Within 30 days: Complete deployment of patched Apache version 2.4.66 across all affected production and non-production systems, prioritizing internet-facing web servers.

Ubuntu CVE-2025-55753

EUVD-2025-201395 HIGH

Integer Overflow or Wraparound (CWE-190)

2025-12-05 security@apache.org

Buffer Overflow Apache Integer Overflow Debian Ubuntu Red Hat Http Server Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201395

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

CVE Published

Dec 05, 2025 - 11:15 nvd

HIGH 7.5

DescriptionNVD

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.

This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Analysis

This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Technical ContextAI

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

RemediationAI

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

More from same product – last 7 days

CVE-2025-48977 HIGH This Week

8.5 May 28

Path traversal in Apache Ignite 2.0.0 through 2.17.0 lets authenticated REST API users read arbitrary files on the serve

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-42782 HIGH This Week

7.2 May 25

Code execution via Groovy sandbox bypass in Apache Syncope 3.0 through 3.0.16, 4.0 through 4.0.5, and 4.1.0 allows a hig

Vendor StatusVendor

Ubuntu

Priority: Low

apache2

Release	Status	Version
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
plucky	ignored	end of life, was needs-triage
jammy	released	2.4.52-1ubuntu4.18
noble	released	2.4.58-1ubuntu8.10
questing	released	2.4.64-1ubuntu3.2
upstream	released	2.4.66

USN-7968-1

Debian

Bug #1121926

apache2

Release	Status	Fixed Version	Urgency
bullseye	fixed	2.4.66-1~deb11u1	-
bullseye (security)	fixed	2.4.66-1~deb11u1	-
bookworm	fixed	2.4.66-1~deb12u1	-
bookworm (security)	vulnerable	2.4.62-1~deb12u2	-
trixie	fixed	2.4.66-1~deb13u1	-
forky, sid	fixed	2.4.66-8	-
(unstable)	fixed	2.4.66-1	-

DLA-4452-1

CVE-2025-55753 vulnerability details – vuln.today

Back

Ubuntu CVE-2025-55753

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code