Cyber Resilience

CVE-2025-3891

Severity: High
Published: 29 April 2025
Modified: 28 July 2025
KEV Added: not listed in the CISA KEV catalog
Patch: Red Hat advisories RHSA-2025:10002 through RHSA-2025:10007 (see the analysis below)
CVSS Score (v3.1): 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.0101 (77.6th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-3891 is a high-severity Uncaught Exception (CWE-248) vulnerability in the mod_auth_openidc module for Apache httpd, as shipped with Red Hat Enterprise Linux. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 22.4% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability CVE-2025-3891 affects the mod_auth_openidc module for Apache httpd. It stems from improper handling of an empty POST request when the OIDCPreservePost directive is enabled, causing the server to crash consistently and resulting in a denial of service that impacts availability. The issue carries a CVSS 3.1 base score of 7.5 and is associated with CWE-248.

A remote unauthenticated attacker can exploit the flaw over the network by sending a specially crafted empty POST request to a vulnerable server with the directive enabled, achieving disruption of service without any authentication or user interaction required.

Red Hat has published multiple advisories (RHSA-2025:10002 through RHSA-2025:10007) that address the issue through updated packages for affected products.

The associated EPSS score remains low, with a current value of 0.0101 and a peak of 0.0133.

Vulnerability details

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

CWE(s)

CWE-248 (Uncaught Exception)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

CVE-2025-3891 enables denial of service by crashing the Apache httpd server with mod_auth_openidc via an empty POST request when OIDCPreservePost is enabled, facilitating endpoint DoS through application exploitation.

MITRE ATLAS Techniques (AI-mapped)

AML.T0048: External Harms

Affected Assets

Vendor: Apache; product: HTTP Server; versions: all versions
Vendor: Red Hat; product: Enterprise Linux; versions: 7.0, 8.0, 9.0
Vendor: Debian; product: Debian Linux; versions: 11.0

Mitigating Controls

Likely Mitigating Controls (AI-mapped)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Control (addresses CWE-248): Prevents abrupt termination from uncaught exceptions by requiring a defined, preserved-state failure mode.

Control (addresses CWE-248): Requires pre-defined safe responses for uncaught exceptions so they do not result in undefined or insecure program termination.
