Vulnerability-Lookup

CVE-2025-23048 (GCVE-0-2025-23048)

Vulnerability from cvelistv5 – Published: 2025-07-10 16:56 – Updated: 2026-02-26 17:50

Title

Apache HTTP Server: mod_ssl access control bypass with session resumption

Summary

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

Severity ?

No CVSS data available.

CWE

CWE-284 - Improper Access Control

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.35 , ≤ 2.4.63 (semver)

Credits

Sven Hebrok, Felix Cramer, Tim Storm, Maximilian Radoy, and Juraj Somorovsky at Paderborn University

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-23048",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T04:55:52.192669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:50:47.700Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:09:37.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.63",
              "status": "affected",
              "version": "2.4.35",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sven Hebrok, Felix Cramer, Tim Storm, Maximilian Radoy, and Juraj Somorovsky at Paderborn University"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\u003cbr\u003e\u003cbr\u003eConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\n\nConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-10T16:56:53.545Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-25T15:01:00.000Z",
          "value": "reported"
        }
      ],
      "title": "Apache HTTP Server: mod_ssl access control bypass with session resumption",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-23048",
    "datePublished": "2025-07-10T16:56:53.545Z",
    "dateReserved": "2025-01-10T15:11:45.480Z",
    "dateUpdated": "2026-02-26T17:50:47.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-23048",
      "date": "2026-05-21",
      "epss": "0.00096",
      "percentile": "0.26353"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-23048\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-07-10T17:15:46.553\",\"lastModified\":\"2025-11-04T22:16:06.920\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\\n\\nConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.\"},{\"lang\":\"es\",\"value\":\"En algunas configuraciones de mod_ssl en Apache HTTP Server (versi\u00f3n 2.4.35 a 2.4.63), es posible que los clientes de confianza omitan el control de acceso mediante la reanudaci\u00f3n de sesi\u00f3n TLS 1.3. Las configuraciones se ven afectadas cuando mod_ssl se configura para varios hosts virtuales, cada uno restringido a un conjunto diferente de certificados de cliente de confianza (por ejemplo, con una configuraci\u00f3n SSLCACertificateFile/Path diferente). En tal caso, un cliente con acceso de confianza a un host virtual podr\u00eda acceder a otro si SSLStrictSNIVHostCheck no est\u00e1 habilitado en ninguno de los hosts virtuales.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.35\",\"versionEndExcluding\":\"2.4.64\",\"matchCriteriaId\":\"9F21E49A-F8C0-4FEB-BC09-4F4D9F6C5BA0\"}]}]}],\"references\":[{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/10/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/07/10/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/10/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/07/10/8\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:09:37.109Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-23048\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-22T04:55:52.192669Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T16:06:18.233Z\"}}], \"cna\": {\"title\": \"Apache HTTP Server: mod_ssl access control bypass with session resumption\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Sven Hebrok, Felix Cramer, Tim Storm, Maximilian Radoy, and Juraj Somorovsky at Paderborn University\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache HTTP Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.4.35\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.4.63\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-11-25T15:01:00.000Z\", \"value\": \"reported\"}], \"references\": [{\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\\n\\nConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\u003cbr\u003e\u003cbr\u003eConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-07-10T16:56:53.545Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-23048\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T17:50:47.700Z\", \"dateReserved\": \"2025-01-10T15:11:45.480Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-07-10T16:56:53.545Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0586

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Apache HTTP Server. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Apache	HTTP Server	Apache HTTP Server versions antérieures à 2.4.64

References

Title

Publication Time

Tags

Bulletin de sécurité Apache HTTP Server CHANGES_2.4.64

2025-07-10

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache HTTP Server versions ant\u00e9rieures \u00e0 2.4.64",
      "product": {
        "name": "HTTP Server",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2024-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43204"
    },
    {
      "name": "CVE-2025-53020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2024-42516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
    },
    {
      "name": "CVE-2024-43394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43394"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0586",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache HTTP Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache HTTP Server",
  "vendor_advisories": [
    {
      "published_at": "2025-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Apache HTTP Server CHANGES_2.4.64",
      "url": "https://downloads.apache.org/httpd/CHANGES_2.4.64"
    }
  ]
}

CERTFR-2025-AVI-0740

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Security Center	Security Center sans le correctif de sécurité Patch SC-202508.1

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2025-17

2025-08-28

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security Center sans le correctif de s\u00e9curit\u00e9 Patch SC-202508.1",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2024-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43204"
    },
    {
      "name": "CVE-2025-6965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
    },
    {
      "name": "CVE-2025-53020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2025-6491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6491"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2024-42516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0740",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
  "vendor_advisories": [
    {
      "published_at": "2025-08-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-17",
      "url": "https://www.tenable.com/security/tns-2025-17"
    }
  ]
}

CERTFR-2025-AVI-0751

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry versions antérieures à 10.0.9
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry versions antérieures à 10.2.2+LTS-T
VMware	Tanzu Platform	Tanzu Platform for Cloud Foundry versions antérieures à 6.0.19+LTS-T

References

Title

Publication Time

Tags

Bulletin de sécurité VMware TNZ-2025-0071	2025-09-02	vendor-advisory
Bulletin de sécurité VMware TNZ-2025-0069	2025-09-02	vendor-advisory
Bulletin de sécurité VMware TNZ-2025-0070	2025-09-02	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Platform for Cloud Foundry versions ant\u00e9rieures \u00e0 10.0.9",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform for Cloud Foundry versions ant\u00e9rieures \u00e0 10.2.2+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform for Cloud Foundry versions ant\u00e9rieures \u00e0 6.0.19+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
    },
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
    },
    {
      "name": "CVE-2025-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
    },
    {
      "name": "CVE-2025-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2025-30703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
    },
    {
      "name": "CVE-2025-21584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
    },
    {
      "name": "CVE-2025-27209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27209"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
    },
    {
      "name": "CVE-2025-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
    },
    {
      "name": "CVE-2025-30399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30399"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-23167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23167"
    },
    {
      "name": "CVE-2024-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43204"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-21574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2025-21580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-21575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-21577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
    },
    {
      "name": "CVE-2025-49007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49007"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-23165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23165"
    },
    {
      "name": "CVE-2025-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
    },
    {
      "name": "CVE-2025-50088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
    },
    {
      "name": "CVE-2025-1217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1217"
    },
    {
      "name": "CVE-2025-53020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
    },
    {
      "name": "CVE-2025-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-21579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
    },
    {
      "name": "CVE-2025-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1736"
    },
    {
      "name": "CVE-2025-23166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23166"
    },
    {
      "name": "CVE-2025-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1734"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2025-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
    },
    {
      "name": "CVE-2025-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
    },
    {
      "name": "CVE-2025-21585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2025-21581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
    },
    {
      "name": "CVE-2025-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
    },
    {
      "name": "CVE-2025-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
    },
    {
      "name": "CVE-2025-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
    },
    {
      "name": "CVE-2025-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1861"
    },
    {
      "name": "CVE-2025-21588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21588"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2025-1219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1219"
    },
    {
      "name": "CVE-2024-42516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
    },
    {
      "name": "CVE-2024-43394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43394"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0751",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-09-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0071",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36077"
    },
    {
      "published_at": "2025-09-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0069",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36075"
    },
    {
      "published_at": "2025-09-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0070",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36076"
    }
  ]
}

CERTFR-2025-AVI-1065

Vulnerability from certfr_avis - Published: 2025-12-05 - Updated: 2025-12-05

De multiples vulnérabilités ont été découvertes dans NetApp ONTAP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
NetApp	ONTAP	ONTAP versions 9.13.x antérieures à 9.13.1P18
NetApp	ONTAP	ONTAP versions 9.16.x antérieures à 9.16.1P9
NetApp	ONTAP	ONTAP versions 9.14.x antérieures à 9.14.1P15
NetApp	ONTAP	ONTAP versions 9.17.x antérieures à 9.17.1P1
NetApp	ONTAP tools pour VMware vSphere 10	ONTAP tools pour VMware vSphere 10 versions antérieures à 10.4
NetApp	ONTAP	ONTAP versions 9.15.x antérieures à 9.15.1P13

References

Title

Publication Time

Tags

Bulletin de sécurité NetApp NTAP-20250613-0007	2025-12-05	vendor-advisory
Bulletin de sécurité NetApp NTAP-20250613-0006	2025-12-05	vendor-advisory
Bulletin de sécurité NetApp NTAP-20250718-0013	2025-12-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ONTAP versions 9.13.x ant\u00e9rieures \u00e0 9.13.1P18",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP versions 9.16.x ant\u00e9rieures \u00e0 9.16.1P9",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP versions 9.14.x ant\u00e9rieures \u00e0 9.14.1P15",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP versions 9.17.x ant\u00e9rieures \u00e0 9.17.1P1",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP tools pour VMware vSphere 10 versions ant\u00e9rieures \u00e0 10.4",
      "product": {
        "name": "ONTAP tools pour VMware vSphere 10",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    },
    {
      "description": "ONTAP versions 9.15.x ant\u00e9rieures \u00e0 9.15.1P13",
      "product": {
        "name": "ONTAP",
        "vendor": {
          "name": "NetApp",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2024-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43204"
    },
    {
      "name": "CVE-2025-53020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53020"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2024-42516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42516"
    },
    {
      "name": "CVE-2024-43394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43394"
    }
  ],
  "initial_release_date": "2025-12-05T00:00:00",
  "last_revision_date": "2025-12-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1065",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans NetApp ONTAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans NetApp ONTAP",
  "vendor_advisories": [
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20250613-0007",
      "url": "https://security.netapp.com/advisory/NTAP-20250613-0007"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20250613-0006",
      "url": "https://security.netapp.com/advisory/NTAP-20250613-0006"
    },
    {
      "published_at": "2025-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20250718-0013",
      "url": "https://security.netapp.com/advisory/NTAP-20250718-0013"
    }
  ]
}

CERTFR-2026-AVI-0162

Vulnerability from certfr_avis - Published: 2026-02-13 - Updated: 2026-02-13

De multiples vulnérabilités ont été découvertes dans Juniper Networks Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Juniper Networks	Secure Analytics	Secure Analytics versions 7.5.x antérieures à 7.5.0 UP14 IF01

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP14-IF01

2026-02-12

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Secure Analytics versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF01",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    },
    {
      "name": "CVE-2025-22026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
    },
    {
      "name": "CVE-2025-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23048"
    },
    {
      "name": "CVE-2025-49812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49812"
    },
    {
      "name": "CVE-2025-39757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2025-38461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38461"
    },
    {
      "name": "CVE-2025-38527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38527"
    },
    {
      "name": "CVE-2025-38449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38449"
    },
    {
      "name": "CVE-2025-39730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39730"
    },
    {
      "name": "CVE-2020-16971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16971"
    },
    {
      "name": "CVE-2025-5318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
    },
    {
      "name": "CVE-2025-37797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2023-53125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53125"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2025-41244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
    },
    {
      "name": "CVE-2022-49985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49985"
    },
    {
      "name": "CVE-2025-38556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
    },
    {
      "name": "CVE-2024-47252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47252"
    },
    {
      "name": "CVE-2025-38718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
    },
    {
      "name": "CVE-2025-38392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38392"
    },
    {
      "name": "CVE-2023-53373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53373"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2025-38352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
    },
    {
      "name": "CVE-2025-38350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
    },
    {
      "name": "CVE-2025-40928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40928"
    },
    {
      "name": "CVE-2022-50087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50087"
    },
    {
      "name": "CVE-2025-38498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
    },
    {
      "name": "CVE-2025-49630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49630"
    },
    {
      "name": "CVE-2024-47619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
    }
  ],
  "initial_release_date": "2026-02-13T00:00:00",
  "last_revision_date": "2026-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0162",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Secure Analytics",
  "vendor_advisories": [
    {
      "published_at": "2026-02-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP14-IF01",
      "url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP14-IF01"
    }
  ]
}

alsa-2025:15023

Vulnerability from osv_almalinux

Published

2025-09-02 00:00

Modified

2025-09-29 09:03

Summary

Moderate: httpd security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:15023	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-47252	REPORT
	https://access.redhat.com/security/cve/CVE-2025-23048	REPORT
	https://access.redhat.com/security/cve/CVE-2025-49812	REPORT
	https://bugzilla.redhat.com/2374571	REPORT
	https://bugzilla.redhat.com/2374576	REPORT
	https://bugzilla.redhat.com/2374580	REPORT
	https://errata.almalinux.org/9/ALSA-2025-15023.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-manual"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_lua"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_proxy_html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_ssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.62-4.el9_6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  \n\nSecurity Fix(es):  \n\n  * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)\n  * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)\n  * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:15023",
  "modified": "2025-09-29T09:03:21Z",
  "published": "2025-09-02T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:15023"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-47252"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49812"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374571"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374576"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374580"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-15023.html"
    }
  ],
  "related": [
    "CVE-2024-47252",
    "CVE-2025-23048",
    "CVE-2025-49812"
  ],
  "summary": "Moderate: httpd security update"
}

alsa-2025:15095

Vulnerability from osv_almalinux

Published

2025-09-02 00:00

Modified

2025-09-03 08:58

Summary

Moderate: httpd security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:15095	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-47252	REPORT
	https://access.redhat.com/security/cve/CVE-2025-23048	REPORT
	https://access.redhat.com/security/cve/CVE-2025-49812	REPORT
	https://bugzilla.redhat.com/2374571	REPORT
	https://bugzilla.redhat.com/2374576	REPORT
	https://bugzilla.redhat.com/2374580	REPORT
	https://errata.almalinux.org/10/ALSA-2025-15095.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "httpd-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.63-1.el10_0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "httpd-manual"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.63-1.el10_0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  \n\nSecurity Fix(es):  \n\n  * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)\n  * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)\n  * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:15095",
  "modified": "2025-09-03T08:58:50Z",
  "published": "2025-09-02T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:15095"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-47252"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49812"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374571"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374576"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374580"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-15095.html"
    }
  ],
  "related": [
    "CVE-2024-47252",
    "CVE-2025-23048",
    "CVE-2025-49812"
  ],
  "summary": "Moderate: httpd security update"
}

alsa-2025:15123

Vulnerability from osv_almalinux

Published

2025-09-03 00:00

Modified

2025-09-04 10:27

Summary

Moderate: httpd:2.4 security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630)
httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:15123	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-47252	REPORT
	https://access.redhat.com/security/cve/CVE-2025-23048	REPORT
	https://access.redhat.com/security/cve/CVE-2025-49630	REPORT
	https://access.redhat.com/security/cve/CVE-2025-49812	REPORT
	https://bugzilla.redhat.com/2374571	REPORT
	https://bugzilla.redhat.com/2374576	REPORT
	https://bugzilla.redhat.com/2374578	REPORT
	https://bugzilla.redhat.com/2374580	REPORT
	https://errata.almalinux.org/8/ALSA-2025-15123.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-manual"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_http2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.7-10.module_el8.10.0+4044+ea5f78b1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_md"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.0.8-8.module_el8.6.0+2872+fe0ff7aa"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_md"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.0.8-8.module_el8.6.0+3031+fb177b09"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_proxy_html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_ssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.37-65.module_el8.10.0+4044+ea5f78b1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  \n\nSecurity Fix(es):  \n\n  * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)\n  * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)\n  * httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630)\n  * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:15123",
  "modified": "2025-09-04T10:27:23Z",
  "published": "2025-09-03T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:15123"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-47252"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49630"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49812"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374571"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374576"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374578"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2374580"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-15123.html"
    }
  ],
  "related": [
    "CVE-2024-47252",
    "CVE-2025-23048",
    "CVE-2025-49630",
    "CVE-2025-49812"
  ],
  "summary": "Moderate: httpd:2.4 security update"
}

BDU:2025-08976

Vulnerability from fstec - Published: 25.11.2024

Title

Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость функции mod_ssl веб-сервера Apache HTTP Server связана с ошибками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vendor

Novell Inc., Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», Apache Software Foundation, АО "НППКТ", ООО «НЦПР»

Software Name

Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, Red Hat Enterprise Linux, Suse Linux Enterprise Server, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), openSUSE Leap Micro, Astra Linux Common Edition (запись в едином реестре российских программ №4433), Red Hat JBoss Core Services, SUSE Liberty Linux, HTTP Server, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), МСВСфера

Software Version

12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 15.5 (OpenSUSE Leap), 8 (Red Hat Enterprise Linux), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP1 (Suse Linux Enterprise Desktop), 11 SP2 (Suse Linux Enterprise Desktop), 11 SP4 (Suse Linux Enterprise Desktop), 11 SP3 (Suse Linux Enterprise Desktop), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), - (Альт 8 СП), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 9 (Red Hat Enterprise Linux), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 5.2 (openSUSE Leap Micro), 5.3 (openSUSE Leap Micro), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 1.6 «Смоленск» (Astra Linux Common Edition), - (Red Hat JBoss Core Services), 5.4 (openSUSE Leap Micro), 5.5 (openSUSE Leap Micro), 9 (SUSE Liberty Linux), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15.6 (OpenSUSE Leap), 1.8 (Astra Linux Special Edition), 12 SP5-LTSS (Suse Linux Enterprise Server), 12 SP5 LTSS Extended Security (Suse Linux Enterprise Server), 15 SP5-LTSS (Suse Linux Enterprise Server), 15 SP7 (Suse Linux Enterprise Desktop), 15 SP7 (Suse Linux Enterprise Server), 15 SP7 (SUSE Linux Enterprise Server for SAP Applications), 10 (Red Hat Enterprise Linux), от 2.4.35 до 2.4.64 (HTTP Server), до 2.14 (ОСОН ОСнова Оnyx), 9.5 (МСВСфера), 3.8 (Astra Linux Special Edition)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Apache HTTP Server: https://httpd.apache.org/security/vulnerabilities_24.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2025-23048 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2025-23048 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2025-23048.html Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/ Для ОС Astra Linux: обновить пакет apache2 до 2.4.62-3astra.se2~7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17 Обновление программного обеспечения apache2 до версии 2.4.65-1~deb11u1.osnova2u1 Для ОС Astra Linux: обновить пакет apache2 до 2.4.62-3astra.se2~7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47 Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:15023?lang=ru Для ОС Astra Linux: обновить пакет apache2 до 2.4.65-3astra.se1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18 Для ОС Astra Linux: обновить пакет apache2 до 2.4.46-1~bpo9+1astra.se14 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16 Для ОС Astra Linux: обновить пакет apache2 до 2.4.65-3astra.se1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38 Для ОС Astra Linux: обновить пакет apache2 до 2.4.65-3astra.se1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38

Reference

https://httpd.apache.org/security/vulnerabilities_24.html https://access.redhat.com/security/cve/cve-2025-23048 https://security-tracker.debian.org/tracker/CVE-2025-23048 https://www.suse.com/security/cve/CVE-2025-23048.html http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://altsp.su/obnovleniya-bezopasnosti/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17 https://github.com/absholi7ly/CVE-2025-23048-POC https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.14/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47 https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:15023?lang=ru https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16 https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38 https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Apache Software Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 15.5 (OpenSUSE Leap), 8 (Red Hat Enterprise Linux), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP1 (Suse Linux Enterprise Desktop), 11 SP2 (Suse Linux Enterprise Desktop), 11 SP4 (Suse Linux Enterprise Desktop), 11 SP3 (Suse Linux Enterprise Desktop), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 15 SP4 (Suse Linux Enterprise Server), 15 SP2 (Suse Linux Enterprise Desktop), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 9 (Red Hat Enterprise Linux), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 5.2 (openSUSE Leap Micro), 5.3 (openSUSE Leap Micro), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP5 (Suse Linux Enterprise Server), 15 SP5 (Suse Linux Enterprise Desktop), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), - (Red Hat JBoss Core Services), 5.4 (openSUSE Leap Micro), 5.5 (openSUSE Leap Micro), 9 (SUSE Liberty Linux), 15 SP4-LTSS (Suse Linux Enterprise Server), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 15.6 (OpenSUSE Leap), 1.8 (Astra Linux Special Edition), 12 SP5-LTSS (Suse Linux Enterprise Server), 12 SP5 LTSS Extended Security (Suse Linux Enterprise Server), 15 SP5-LTSS (Suse Linux Enterprise Server), 15 SP7 (Suse Linux Enterprise Desktop), 15 SP7 (Suse Linux Enterprise Server), 15 SP7 (SUSE Linux Enterprise Server for SAP Applications), 10 (Red Hat Enterprise Linux), \u043e\u0442 2.4.35 \u0434\u043e 2.4.64 (HTTP Server), \u0434\u043e 2.14 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430), 3.8 (Astra Linux Special Edition)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache HTTP Server:\nhttps://httpd.apache.org/security/vulnerabilities_24.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2025-23048\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-23048\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2025-23048.html\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.62-3astra.se2~7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.65-1~deb11u1.osnova2u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.62-3astra.se2~7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:15023?lang=ru\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.65-3astra.se1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.46-1~bpo9+1astra.se14 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.65-3astra.se1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.65-3astra.se1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.07.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08976",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-23048",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, Red Hat Enterprise Linux, Suse Linux Enterprise Server, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), openSUSE Leap Micro, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Red Hat JBoss Core Services, SUSE Liberty Linux, HTTP Server, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. OpenSUSE Leap 15.5 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP1 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1 , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , Novell Inc. Suse Linux Enterprise Desktop 12 SP2 , Novell Inc. Suse Linux Enterprise Desktop 12 SP1 , Novell Inc. Suse Linux Enterprise Desktop 11 SP2 , Novell Inc. Suse Linux Enterprise Desktop 11 SP4 , Novell Inc. Suse Linux Enterprise Desktop 11 SP3 , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.4 , Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Desktop 15 SP1 , Novell Inc. Suse Linux Enterprise Desktop 15 , Novell Inc. openSUSE Leap Micro 5.2 , Novell Inc. openSUSE Leap Micro 5.3 , Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5 , Novell Inc. Suse Linux Enterprise Server 15 SP5 , Novell Inc. Suse Linux Enterprise Desktop 15 SP5 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. openSUSE Leap Micro 5.4 , Novell Inc. openSUSE Leap Micro 5.5 , Novell Inc. SUSE Liberty Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS , Novell Inc. Suse Linux Enterprise Desktop 15 SP6 , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , Novell Inc. OpenSUSE Leap 15.6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 12 SP5-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP5 LTSS Extended Security , Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS , Novell Inc. Suse Linux Enterprise Desktop 15 SP7 , Novell Inc. Suse Linux Enterprise Server 15 SP7 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP7 , Red Hat Inc. Red Hat Enterprise Linux 10 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.14  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 3.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mod_ssl \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mod_ssl \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://httpd.apache.org/security/vulnerabilities_24.html\nhttps://access.redhat.com/security/cve/cve-2025-23048\nhttps://security-tracker.debian.org/tracker/CVE-2025-23048\nhttps://www.suse.com/security/cve/CVE-2025-23048.html\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\nhttps://github.com/absholi7ly/CVE-2025-23048-POC\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.14/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2025:15023?lang=ru\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38\nhttps://wiki.astralinux.ru/astra-linux-se38-bulletin-2026-0126SE38",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)"
}

bit-apache-2025-23048

Vulnerability from bitnami_vulndb

Published

2025-07-16 07:56

Modified

2025-11-06 13:25

Summary

Apache HTTP Server: mod_ssl access control bypass with session resumption

Details

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.

Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "apache",
        "purl": "pkg:bitnami/apache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.35"
            },
            {
              "fixed": "2.4.64"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-23048"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\n\nConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.",
  "id": "BIT-apache-2025-23048",
  "modified": "2025-11-06T13:25:46.476Z",
  "published": "2025-07-16T07:56:19.860Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23048"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/07/10/8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Apache HTTP Server: mod_ssl access control bypass with session resumption"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-23048 (GCVE-0-2025-23048)

Solutions

Solutions

Solutions

Solutions

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature