Apache HTTP Server mod_proxy_http2 DoS (CVE-2025-49630)

Dec 11, 2025

Summary
A backend-triggered assertion failure in mod_proxy_http2 may cause server crashes.

Vulnerability ID Vulnerability Overview

CVE-2025-49630

A flaw in Apache HTTP Server’s mod_proxy_http2 allows a backend system to trigger an assertion failure under certain configurations, particularly when ProxyPreserveHost on is enabled. Malicious or misconfigured backend responses can cause the proxy module to abort, terminating the worker process and resulting in denial of service. All configurations that use HTTP/2 backends are potentially impacted.

Affected Supported TeraStations

TS7010
Vulnerability is patched from firmware version 2.00

TS5020 and TS3030
Vulnerability is patched from firmware version 3.08

Back to Security Notices

Date	Description
11/20/2025	Initial release
12/10/2025	Update for TS5020/3030

Network Attached Storage

Portable Solid State Drive (SSD)

External Hard Drives

While Supplies Last

Optical Drives

Multi-Gigabit Switches

Accessories

View All

Latest Article

Buffalo Americas Product Life Cycle Status Change Notice - BS-MP2008 & BS-MP2012 Business Switches

Apache HTTP Server mod_proxy_http2 DoS (CVE-2025-49630)