Integer Overflow Vulnerability in Apache HTTP Server
CVE-2025-55753

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 5 December 2025

What is CVE-2025-55753?

An integer overflow vulnerability exists in Apache HTTP Server that occurs during ACME certificate renewal processes. If renewal attempts fail several times, the backoff timer can reset to zero after approximately 30 days in default configurations. This results in repeated attempts to renew the certificate without any delay, potentially leading to excessive requests and service disruptions. To mitigate this risk, users are advised to update to Apache HTTP Server version 2.4.66 or later, which addresses this issue.

Affected Version(s)

Apache HTTP Server 2.4.30 < 2.4.66

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2025
Vulnerability Reserved
Aug 15, 2025

Credit

Aisle Research

JSON