CVE-2025-59775 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially l…
High CVSS: 7.5

CVE-2025-59775

Server-Side Request Forgery (SSRF) vulnerability

 in Apache HTTP Server on Windows

with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM
hashes to a malicious server via SSRF and malicious requests or content

Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Vendor
Apache
Product
Http Server
CWE
CWE-918
Yayın Tarihi
2025-12-05 11:15:52
Güncelleme
2025-12-10 16:40:04
Source Identifier
security@apache.org
KEV Date Added
-

Kategoriler

CWE-918 Http Server HIGH Apache 2025

Referanslar

https://httpd.apache.org/security/vulnerabilities_24.html http://www.openwall.com/lists/oss-security/2025/12/04/6