PT-2025-18103 · Apache · Apache Tomcat
Mark Thomas · Published 2025-04-08 · Updated 2026-05-18 · CVE-2025-31651
CVSS v2.0 score: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 11.0.0-M1 through 11.0.5
Apache Tomcat versions 10.1.0-M1 through 10.1.39
Apache Tomcat versions 9.0.0.M1 through 9.0.102
Description
Apache Tomcat improperly neutralizes escape, meta, or control sequences, so a specially crafted request can bypass some rewrite rules. Where those rewrite rules were effectively enforcing security constraints, those constraints could be bypassed.
Recommendations
Upgrade to version [FIXED VERSION] to fix the issue for Apache Tomcat versions 11.0.0-M1 through 11.0.5
Upgrade to version [FIXED VERSION] to fix the issue for Apache Tomcat versions 10.1.0-M1 through 10.1.39
Upgrade to version [FIXED VERSION] to fix the issue for Apache Tomcat versions 9.0.0.M1 through 9.0.102
Fix
DoS
Improper Encoding or Escaping of Output
Related Identifiers
Affected Products
Alt Linux
Almalinux
Apache Tomcat
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu