PT-2025-32985 · Apache+4 · Apache Tomcat+4

Greg K

Published

2025-06-03

Updated

2026-02-07

CVE-2025-55668

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.7 Apache Tomcat versions 10.1.0-M1 through 10.1.41 Apache Tomcat versions 9.0.0.M1 through 9.0.105

Description: A session fixation issue exists in Apache Tomcat due to a flaw in the rewrite valve.

Recommendations: Upgrade to Apache Tomcat version 11.0.8. Upgrade to Apache Tomcat version 10.1.42. Upgrade to Apache Tomcat version 9.0.106.

Exploit

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

ALT-PU-2025-12367

ALT-PU-2025-12369

BDU:2025-09900

BIT-TOMCAT-2025-55668

CVE-2025-55668

GHSA-23HV-MWM6-G8JF

OESA-2025-2243

RHSA-2026:2740

RHSA-2026:6569

RHSA-2026:8334

Affected Products

Alt Linux

Apache Tomcat

Astra Linux

Debian

Red Os

PT-2025-32985 · Apache+4 · Apache Tomcat+4

CVE-2025-55668

Weakness Enumeration

Related Identifiers

Affected Products

References · 36