CVE-2025-49812
Apache HTTP Server: mod_ssl TLS upgrade attackIn some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
We have discovered 1,876,493 live websites that are affected by CVE-2025-49812.
Affected Software
| Product |  Apache |
| Category | Web Servers |
| Vulnerable Domains | 1,876,493 live websites (68% of Apache install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 115 versions ( 97% of all versions) |
Common Weakness Enumeration
CWE-287 Improper AuthenticationDetails
- Published - Jul 10, 2025
- Updated - Nov 4, 2025
Credits
- Robert Merget (Technology Innovation Institute) (finder)
- Nurullah Erinola (Ruhr University Bochum) (finder)
- Marcel Maehren (Ruhr University Bochum) (finder)
- Lukas Knittel (Ruhr University Bochum) (finder)
- Sven Hebrok (Paderborn University) (finder)
- Marcus Brinkmann (Ruhr University Bochum) (finder)
- Juraj Somorovsky (Paderborn University) (finder)
- Jörg Schwenk (Ruhr University Bochum) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-49812 United States | 497,715 websites |
 Germany | 215,128 websites |
 Taiwan | 113,513 websites |
 France | 107,488 websites |
 Netherlands | 84,840 websites |
 Japan | 81,709 websites |
 Russia | 68,011 websites |
 Italy | 58,702 websites |
 Czech Republic | 50,498 websites |
 GB | 47,854 websites |
Website Distribution by TLD
Number of websites using CVE-2025-49812| .com | 707,713 websites |
| .de | 132,057 websites |
| .org | 84,356 websites |
| .net | 74,542 websites |
| .nl | 63,474 websites |
| .ru | 59,897 websites |
| .it | 51,260 websites |
| .cz | 41,964 websites |
| .fr | 34,855 websites |
| .jp | 32,966 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-49812
Top websites that are affected by CVE-2025-49812. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com |  Singapore | *** | |
| *************.***.****.****.************.net | United States | *** | |
| *****.***********.com |  Canada | *** | |
| *********.net | United States | *** | |
| ***.****.us | United States | *,*** | |
| ***.*********.com | Singapore | *,*** | |
| *****.*******.com | Singapore | *,*** | |
| ******.net |  Sweden | *,*** | |
| ******************.com | United States | *,*** | |
| ****.*********.net | GB | *,*** |
FAQ
CVE-2025-49812 is Improper Authentication in Apache
A total of 1,876,493 websites have been identified as vulnerable to CVE-2025-49812, based on global website indexing conducted by WebTechSurvey.
The Apache is affected by the CVE-2025-49812 vulnerability.
Apache versions up to and including 2.4.63 are vulnerable to CVE-2025-49812.