Webpros has released an update for EasyApache 4!  Take a look at some highlights below, and then join us on the cPanel Community Forums, Discord, or Reddit to talk about this update and much more. If you have additional questions, feel free to reach out on one of our social channels.

• ea-apache24
  • EA-13014: EA-13014: Update ea-apache24 from v2.4.63 to v2.4.64
  • CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase
  • CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack
  • CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service
  • CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption
  • CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping
  • CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths
  • CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header
  • CVE-2024-42516: Apache HTTP Server: HTTP response splitting
    
• ea-nginx
  • EA-13028: Address 421 from Apache v2.4.64 SNI fix

SUMMARY

WebPros International, LLC has updated packages for EasyApache 4 with an updated version of Apache. This release addresses vulnerabilities related to CVE-2025-53020, CVE-2025-49812, CVE-2025-49630, CVE-2025-23048, CVE-2024-47252, CVE-2024-43394, CVE-2024-43204, and CVE-2024-42516. We strongly encourage all Apache users to update to version 2.4.64.

AFFECTED VERSIONS
All versions of Apache through 2.4.63.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2025-53020 – MEDIUM
Apache 2.4.64
Fixed vulnerability related to CVE-2025-53020.

CVE-2025-49812 – MEDIUM
Apache 2.4.64
Fixed vulnerability related to CVE-2025-49812.

CVE-2025-49630 – MEDIUM
Apache 2.4.64
Fixed vulnerability related to CVE-2025-49630.

CVE-2025-23048 – MEDIUM
Apache 2.4.64
Fixed vulnerability related to CVE-2025-23048.

CVE-2024-47252 – MEDIUM
Apache 2.4.64
Fixed vulnerability related to CVE-2024-47252.

CVE-2024-43394 – MEDIUM
Apache 2.4.64
Fixed vulnerability related to CVE-2024-43394.

CVE-2024-43204 – MEDIUM
Apache 2.4.64
Fixed vulnerability related to CVE-2024-43204.

CVE-2024-42516 – MEDIUM
Apache 2.4.64
Fixed vulnerability related to CVE-2024-42516.

SOLUTION
WebPros International, LLC has released an updated package for EasyApache 4 25.24 on 2025 July 17, with Apache version 2.4.64. Unless you have enabled automatic package updates in your cron, update your system with either your package manager or WHM’s Run System Update interface.

REFERENCES
https://www.cve.org/CVERecord?id=CVE-2025-53020
https://www.cve.org/CVERecord?id=CVE-2025-49812
https://www.cve.org/CVERecord?id=CVE-2025-49630
https://www.cve.org/CVERecord?id=CVE-2025-23048
https://www.cve.org/CVERecord?id=CVE-2024-47252
https://www.cve.org/CVERecord?id=CVE-2024-43394
https://www.cve.org/CVERecord?id=CVE-2024-43204
https://www.cve.org/CVERecord?id=CVE-2024-42516
https://downloads.apache.org/httpd/CHANGES_2.4.64

Information about all releases this year can be found in the 2025 EasyApache 4 Changelog.

You can follow our RSS feed for all our releases here: https://docs.cpanel.net/release-notes/release-notes/index.xml

GPG signed copy of this announcement: EasyApache4 v25.24 Security Release