Endpoint Vulnerability

Apache HTTP Server CVE-2025-58098 Vulnerability

Description

Apache HTTP Server 2.4.65 and earlier with SSI and mod_cgid can pass shell-escaped query strings to #exec cmd directives, enabling command execution; upgrade to 2.4.66 to fix.

Affected Applications

Apache HTTP Server

Version Updates

Date	Version	Status	Detail
2025-12-15	1.00940	New	Apache HTTP Server

References

https://httpd.apache.org/security/

ID	88507
Created	Dec 09, 2025
Description Updated	Jan 10, 2026
CVE ID
Risk
Coverage	FortiClient
OS	Windows
Vendor	Apache
Patch	manual
Application	Apache HTTP Server

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

Apache HTTP Server CVE-2025-58098 Vulnerability

Description

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

Apache HTTP Server CVE-2025-58098 Vulnerability

Description

Affected Applications

Version Updates

References

Threat Intelligence
Center