How to fix EUVD-2025-201395?

Within 24 hours: Inventory all systems running Apache HTTP Server and identify instances with versions 2.4.30-2.4.65. Within 7 days: Develop and test a patching plan for upgrade to version 2.4.66 in your change management process. Within 30 days: Complete deployment of patched Apache version 2.4.66 across all affected production and non-production systems, prioritizing internet-facing web servers.

Is Integer Overflow affected by EUVD-2025-201395?

Apache HTTP Server versions 2.4.30-2.4.65 contain a vulnerability that causes certificate renewal processes to fail silently and then repeatedly attempt renewal without delays after approximately 30 days, potentially disrupting web services and creating operational instability.

EUVD-2025-201395

| CVE-2025-55753 HIGH

2025-12-05 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201395

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

CVE Published

Dec 05, 2025 - 11:15 nvd

HIGH 7.5

Description

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Analysis

This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Technical Context

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

Affected Products

Affected products: Apache Http Server

Remediation

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

Vendor Status

Ubuntu

Priority: Low

apache2

Release	Status	Version
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
plucky	ignored	end of life, was needs-triage
jammy	released	2.4.52-1ubuntu4.18
noble	released	2.4.58-1ubuntu8.10
questing	released	2.4.64-1ubuntu3.2
upstream	released	2.4.66

USN-7968-1

Debian

Bug #1121926

apache2

Release	Status	Fixed Version	Urgency
bullseye	fixed	2.4.66-1~deb11u1	-
bullseye (security)	fixed	2.4.66-1~deb11u1	-
bookworm	fixed	2.4.66-1~deb12u1	-
bookworm (security)	vulnerable	2.4.62-1~deb12u2	-
trixie	fixed	2.4.66-1~deb13u1	-
forky, sid	fixed	2.4.66-8	-
(unstable)	fixed	2.4.66-1	-

DLA-4452-1

EUVD-2025-201395 vulnerability details – vuln.today

Back

EUVD-2025-201395

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-201395

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code