Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-td8g-tmny-jyaa
Vulnerability ID VCID-td8g-tmny-jyaa
Aliases CVE-2025-55753
Summary An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55753.json
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2025-55753
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://httpd.apache.org/security/vulnerabilities_24.html
ssvc Track https://httpd.apache.org/security/vulnerabilities_24.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55753.json
https://api.first.org/data/v1/epss?cve=CVE-2025-55753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55753
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1121926 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926
2419140 https://bugzilla.redhat.com/show_bug.cgi?id=2419140
CVE-2025-55753 https://httpd.apache.org/security/json/CVE-2025-55753.json
RHSA-2025:23732 https://access.redhat.com/errata/RHSA-2025:23732
RHSA-2025:23738 https://access.redhat.com/errata/RHSA-2025:23738
RHSA-2025:23739 https://access.redhat.com/errata/RHSA-2025:23739
RHSA-2026:0009 https://access.redhat.com/errata/RHSA-2026:0009
RHSA-2026:0010 https://access.redhat.com/errata/RHSA-2026:0010
RHSA-2026:0011 https://access.redhat.com/errata/RHSA-2026:0011
RHSA-2026:0012 https://access.redhat.com/errata/RHSA-2026:0012
RHSA-2026:0029 https://access.redhat.com/errata/RHSA-2026:0029
RHSA-2026:0030 https://access.redhat.com/errata/RHSA-2026:0030
RHSA-2026:0092 https://access.redhat.com/errata/RHSA-2026:0092
RHSA-2026:0093 https://access.redhat.com/errata/RHSA-2026:0093
RHSA-2026:0094 https://access.redhat.com/errata/RHSA-2026:0094
RHSA-2026:2994 https://access.redhat.com/errata/RHSA-2026:2994
RHSA-2026:2995 https://access.redhat.com/errata/RHSA-2026:2995
USN-7968-1 https://usn.ubuntu.com/7968-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55753.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://httpd.apache.org/security/vulnerabilities_24.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-05T19:26:40Z/ Found at https://httpd.apache.org/security/vulnerabilities_24.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.22106
EPSS Score 0.00072
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:23.794398+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2025-55753.json 38.0.0