CVE-2025-55753

HIGH7.5

Apache HTTP Server: mod_md (ACME), unintended retry intervals

Published Dec 5, 2025

Modified 1 months ago

No fix available

Details

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.

This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.

References

WEBhttp://www.openwall.com/lists/oss-security/2025/12/04/4 ADVISORYhttps://httpd.apache.org/security/vulnerabilities_24.html ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-55753

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

Other

CWE-190

Ecosystems

Timeline

PublishedDec 5, 2025

ModifiedDec 5, 2025

CVE-2025-55753 | Mondoo Vulnerability Intelligence