CVE Vulnerabilities

CVE-2025-3891

Uncaught Exception

Published: Apr 29, 2025 | Modified: Jun 06, 2025
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

Weakness

An exception is thrown from a function, but it is not caught.

Affected Software

Name Vendor Start Version End Version
Http_server Apache - (including) - (including)
Red Hat Enterprise Linux 8 RedHat mod_auth_openidc:2.3-8100020250426100353.489197e6 *
Libapache2-mod-auth-openidc Ubuntu focal *

References