CVE-2025-54090

CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-253

Published July 23, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

Key dates

Disclosure timeline

July 23, 2025 CVE published

November 4, 2025 Record updated