CVE-2025-10002: 
WordPress vulnerability analysis and mitigation

A critical vulnerability (CVE-2025-3891) was discovered in the modauthopenidc module for Apache HTTP Server. The vulnerability was first reported on April 29, 2025, and last modified on July 28, 2025. This module enables Apache HTTP Server to function as an OpenID Connect Relying Party and OAuth 2.0 Resource Server (Red Hat Advisory).

The vulnerability allows a remote, unauthenticated attacker to trigger a denial of service condition by sending an empty POST request when the OIDCPreservePost directive is enabled. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-248 (Uncaught Exception) (NVD).

When exploited, this vulnerability causes the server to crash consistently, severely affecting system availability. The impact is particularly significant as it requires no authentication or user interaction to exploit, making it an attractive target for malicious actors seeking to disrupt service operations (Red Hat Advisory).

Red Hat has released security updates to address this vulnerability through multiple security advisories (RHSA-2025:10002 through RHSA-2025:10010). The fix is available for various versions of Red Hat Enterprise Linux, including versions 7.0, 8.0, and 9.0. Users are strongly advised to apply these security updates (Red Hat Advisory).