Patch your Apache before it mines crypto on your behalf
Security researchers have spotted active exploitation of a new Apache HTTP Server bug, CVE‑2025‑31925 (CVSS 9.4). The flaw lives in the mod_proxy_uwsgi module: a single malicious request can trigger a buffer overflow that lets an attacker run commands with the same privileges as Apache. Threat actors are already chaining the bug with weak admin passwords to drop crypto‑miners and reverse shells on Linux web servers. Patches arrived in Apache 2.4.61; any earlier 2.4 branch is vulnerable unless the module is disabled. Mitigation: upgrade, or comment out LoadModule proxy_uwsgi_module in httpd.conf and restart the service. So far, exploitation appears opportunistic rather than targeted, but the window is open until sysadmins patch.
If your web server is still running Apache 2.4.60 or older, it’s time for a quick brew and an urgent upgrade. A shiny new flaw, CVE‑2025‑31925, lets miscreants fire off one dodgy request and waltz in with full Apache privileges. Lovely.
What’s broken?
Blame the mod_proxy_uwsgi module. A buffer overflow means an attacker can slip their own code straight into memory and make your server do the cha‑cha to their tune—usually installing a crypto‑miner or backdoor faster than you can say “Why is my CPU at 100 %?”
Who’s at risk?
Anyone still on Apache 2.4.60 or earlier with that module enabled. Cloud VPS, on‑prem box, Raspberry Pi in the cupboard—if it serves HTTP and runs proxy_uwsgi, it’s fair game.
The fix (spoiler: upgrade!)
1. Update to Apache 2.4.61—packages are out for Debian, Ubuntu, RHEL and friends.
2. Can’t patch today? Comment out this line in httpd.conf:

   #LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so

   Then restart Apache.
3. Pour yourself that brew at last.
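The three steps above boil down to "which version am I on, is the module loaded, and can I switch it off until the upgrade lands?" The script below is an added example, not code from the article or from the Apache project: it parses the version out of an `httpd -v`-style line, decides whether a 2.4.x build predates the fixed 2.4.61 release, checks an `httpd -M`-style module listing for proxy_uwsgi_module, and comments out the LoadModule line in a config file as the stop-gap from step 2. It only assumes POSIX sh with sed, grep and mktemp; the version line, module listing and httpd.conf fragment it runs on are constructed samples, so nothing on a real server is touched.

```shell
#!/bin/sh
# Added example (not the article's or Apache's own code): triage helper for the
# "upgrade or disable proxy_uwsgi" steps. Assumes POSIX sh, sed, grep, mktemp.

# Pull "2.4.60" out of a line like "Server version: Apache/2.4.60 (Unix)".
parse_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p'
}

# True (exit 0) when the version is on the 2.4 branch and older than 2.4.61,
# i.e. the "2.4.60 or earlier" range the article describes.
needs_patch() {
    ver="$1"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;          # "2.4" with no patch level counts as 2.4.0
    esac
    patch=${patch%%[!0-9]*}      # drop distro suffixes such as "-1ubuntu1"
    if [ "$major" -eq 2 ] && [ "$minor" -eq 4 ] && [ "${patch:-0}" -lt 61 ]; then
        return 0
    fi
    return 1
}

# True when an `httpd -M` style listing shows the vulnerable module as loaded.
uwsgi_module_loaded() {
    printf '%s\n' "$1" | grep -q 'proxy_uwsgi_module'
}

# Count uncommented "LoadModule proxy_uwsgi_module ..." lines in a config file
# (grep -c prints 0 but exits 1 on no match, hence the "|| true").
active_uwsgi_lines() {
    grep -c '^[[:space:]]*LoadModule[[:space:]][[:space:]]*proxy_uwsgi_module' "$1" || true
}

# Step 2 stop-gap: prefix each live LoadModule line with '#'. Idempotent
# (already-commented lines no longer start with LoadModule) and keeps a .bak copy.
disable_uwsgi_module() {
    conf="$1"
    cp "$conf" "$conf.bak"
    sed 's|^\([[:space:]]*LoadModule[[:space:]][[:space:]]*proxy_uwsgi_module\)|#\1|' \
        "$conf.bak" > "$conf"
}

# --- Demo on constructed inputs; swap in $(httpd -v) / $(httpd -M) for real use ---
sample_v='Server version: Apache/2.4.60 (Unix)'   # constructed `httpd -v` line
sample_m=' proxy_module (shared)
 proxy_uwsgi_module (shared)'                      # constructed `httpd -M` excerpt

ver=$(parse_version "$sample_v")
if needs_patch "$ver"; then
    echo "Apache $ver predates 2.4.61: upgrade (step 1)"
else
    echo "Apache $ver is patched"
fi
if uwsgi_module_loaded "$sample_m"; then
    echo "proxy_uwsgi_module is loaded: exposed until patched or disabled"
fi

demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed httpd.conf fragment
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
Listen 80
EOF
echo "active proxy_uwsgi lines before: $(active_uwsgi_lines "$demo_conf")"
disable_uwsgi_module "$demo_conf"
echo "active proxy_uwsgi lines after:  $(active_uwsgi_lines "$demo_conf")"
rm -f "$demo_conf" "$demo_conf.bak"
```

Run it against a real box by replacing the two sample strings with the output of `httpd -v` and `httpd -M` (or `apache2 -v` / `apache2 -M` on Debian-style systems) and pointing `disable_uwsgi_module` at your actual httpd.conf; the `.bak` copy it leaves behind is what you restore once 2.4.61 is installed and you want the module back.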
Why you shouldn’t dither
Researchers have already seen opportunistic scans slinging exploit code. Leave it unpatched and your box could be sweating for someone else’s Bitcoin by teatime.