CVE-2025-53020
Apache HTTP Server: HTTP/2 DoS by Memory IncreaseLate Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.
We have discovered 1,121,756 live websites that are affected by CVE-2025-53020.
Affected Software
| Product |  Apache |
| Category | Web Servers |
| Vulnerable Domains | 1,121,756 live websites (41% of Apache install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 39 versions ( 33% of all versions) |
Common Weakness Enumeration
CWE-401 Missing Release of Memory after Effective LifetimeDetails
- Published - Jul 10, 2025
- Updated - Nov 4, 2025
Credits
- Gal Bar Nahum (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-53020 United States | 306,434 websites |
 Germany | 150,909 websites |
 France | 72,522 websites |
 Netherlands | 59,054 websites |
 Italy | 40,161 websites |
 Russia | 39,392 websites |
 Japan | 36,483 websites |
 GB | 34,065 websites |
 Canada | 33,895 websites |
 Czech Republic | 29,221 websites |
Website Distribution by TLD
Number of websites using CVE-2025-53020| .com | 371,222 websites |
| .de | 87,395 websites |
| .org | 56,589 websites |
| .nl | 44,529 websites |
| .net | 43,818 websites |
| .it | 36,022 websites |
| .ru | 35,460 websites |
| .fr | 24,414 websites |
| .cz | 24,335 websites |
| .pl | 24,131 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-53020
Top websites that are affected by CVE-2025-53020. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com |  Singapore | *** | |
| *************.***.****.****.************.net | United States | *** | |
| *********.net | United States | *** | |
| ***.****.us | United States | *,*** | |
| ***.*********.com | Singapore | *,*** | |
| *****.*******.com | Singapore | *,*** | |
| ******.net |  Sweden | *,*** | |
| ****.*********.net | GB | *,*** | |
| ***********.de | Germany | *,*** | |
| ***.***********.com | United States | *,*** |
FAQ
CVE-2025-53020 is Missing Release of Memory after Effective Lifetime in Apache
A total of 1,121,756 websites have been identified as vulnerable to CVE-2025-53020, based on global website indexing conducted by WebTechSurvey.
The Apache is affected by the CVE-2025-53020 vulnerability.
Apache versions up to and including 2.4.63 are vulnerable to CVE-2025-53020.