Integer Overflow Vulnerability in Apache HTTP Server
CVE-2025-55753

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 5 December 2025

What is CVE-2025-55753?

An integer overflow vulnerability exists in Apache HTTP Server that occurs during ACME certificate renewal processes. If renewal attempts fail several times, the backoff timer can reset to zero after approximately 30 days in default configurations. This results in repeated attempts to renew the certificate without any delay, potentially leading to excessive requests and service disruptions. To mitigate this risk, users are advised to update to Apache HTTP Server version 2.4.66 or later, which addresses this issue.

Affected Version(s)

Apache HTTP Server 2.4.30 < 2.4.66

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2025
Vulnerability Reserved
Aug 15, 2025

Credit

Aisle Research

JSON