Apache HTTPD CVE-2025-23048 vulnerability in vCenter Server
search cancel

Apache HTTPD CVE-2025-23048 vulnerability in vCenter Server

book

Article ID: 405788

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

The Apache Foundation has issued vulnerability CVE-2025-23048 with a CVSS of 9.1, against HTTPD versions up to and including 2.4.62.

Environment

vCenter Server Appliance 8.0 Update 3e and earlier

Cause

The vCenter Server Appliance up to 8.0 U3e ships with Apache HTTPD 2.4.62, and is affected by CVE-2025-23048.

The NIST vulnerability report can be viewed here: https://nvd.nist.gov/vuln/detail/CVE-2025-23048
The Apache Foundation report can be found here: https://httpd.apache.org/security/vulnerabilities_24.html

Resolution

 

VMware By Broadcom is aware of CVE-2025-23048.

Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.

Should you require further information please contact Broadcom Support.

Powered by Wolken Software