PT-2025-42447 · Apache · Apache Traffic Control

Chris Lemmons

Published

2025-10-16

Updated

2025-11-07

CVE-2025-61581

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Traffic Control (affected versions not specified)

Description A flaw exists in Apache Traffic Control’s Traffic Router component where a malicious pattern provided through the management interface can lead to unavailability. Individuals with access to the management interface are able to specify these patterns. This project is no longer supported, and a fix will not be released.

Recommendations Restrict access to the instance to trusted users. Find an alternative to Apache Traffic Control.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333

Related Identifiers

CVE-2025-61581

GHSA-9M49-P2J3-C6XM

GO-2025-4033

OPENSUSE-SU-2025:15710-1

Affected Products

Apache Traffic Control

PT-2025-42447 · Apache · Apache Traffic Control

CVE-2025-61581

Weakness Enumeration

Related Identifiers

Affected Products

References · 87