An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.
This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
" } ], "value": "An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.\n\nThis issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.\n\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue." } ], "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09" }, "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-08-15T10:58:00.000Z", "value": "reported" }, { "lang": "eng", "time": "2025-12-04", "value": "2.4.66 released" } ], "title": "Apache HTTP Server: mod_md (ACME), unintended retry intervals", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "cveId": "CVE-2025-55753", "serial": 1, "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }