CVE-2025-55753
Publication date 5 December 2025
Last updated 19 January 2026
Ubuntu priority
Description
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Why is this CVE low priority?
Apache developers have rated this as being low severity
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| apache2 | 25.10 questing |
Fixed 2.4.64-1ubuntu3.2
|
| 24.04 LTS noble |
Fixed 2.4.58-1ubuntu8.10
|
|
| 22.04 LTS jammy |
Fixed 2.4.52-1ubuntu4.18
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-7968-1
- Apache HTTP Server vulnerabilities
- 19 January 2026