PT-2026-31697 · Apache · Apache Tomcat

Gregk4Sec · Published 2026-03-23 · Updated 2026-05-06 · CVE-2026-25854

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100.

Description: An open redirect vulnerability exists in Apache Tomcat due to a flaw in the LoadBalancerDrainingValve. A crafted request can cause the valve to redirect the user to an untrusted site.

Recommendations: Upgrade to version 11.0.20, 10.1.53, or 9.0.116. No fixed release is listed for the 8.5.x branch, which is end of life; installations on 8.5.30 through 8.5.100 should migrate to a supported branch. The valve only runs where it has been declared in server.xml (or a context.xml), so check the deployed configuration as well as the version when scoping exposure.
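The following triage script is an added editorial example, not code from the advisory or from the Tomcat project. It encodes the affected ranges and fixed releases exactly as listed above, compares a running instance's version against them (handling the `-M1` and `.M23` milestone spellings, which sort before the final release of the same number), and scans a server.xml for a `<Valve>` declaring `org.apache.catalina.valves.LoadBalancerDrainingValve`, the valve's fully qualified class name. The version banner and server.xml are constructed sample inputs; the banner mirrors what `catalina.sh version` prints.

```python
import re
import xml.etree.ElementTree as ET

# Inclusive affected ranges, exactly as listed in the advisory above.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.18"),
    ("10.1.0-M1", "10.1.52"),
    ("9.0.0.M23", "9.0.115"),
    ("8.5.30", "8.5.100"),
]

# Fixed releases named in the advisory, keyed by branch; 8.5.x has none listed.
FIXED_RELEASES = {"11.0": "11.0.20", "10.1": "10.1.53", "9.0": "9.0.116"}

# Fully qualified class name of the valve the advisory names.
DRAINING_VALVE = "org.apache.catalina.valves.LoadBalancerDrainingValve"

# Accepts "9.0.115", "11.0.0-M1" and the older "9.0.0.M23" milestone spelling.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def version_key(version):
    """Map a Tomcat version string to a tuple that sorts in release order."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    # A milestone (M1, M2, ...) precedes the final release with the same number,
    # so final releases get a 1 in the fourth slot and milestones a 0.
    return (int(major), int(minor), int(patch),
            0 if milestone else 1, int(milestone or 0))


def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi)
               for lo, hi in AFFECTED_RANGES)


def fixed_release_for(version):
    """Fixed release for the version's branch, or None if the advisory lists none."""
    major, minor = version_key(version)[:2]
    return FIXED_RELEASES.get(f"{major}.{minor}")


def version_from_banner(text):
    """Extract the version from the 'Server version: Apache Tomcat/x.y.z' line
    printed by 'catalina.sh version'."""
    m = re.search(r"Apache Tomcat/(\S+)", text)
    if not m:
        raise ValueError("no Apache Tomcat version banner found")
    return m.group(1)


def draining_valve_declared(xml_text):
    """True if any <Valve> in the given server.xml / context.xml uses the valve."""
    root = ET.fromstring(xml_text)
    return any(v.get("className") == DRAINING_VALVE for v in root.iter("Valve"))


def assess(banner_text, xml_text):
    """Combine the version and configuration checks into one triage result."""
    version = version_from_banner(banner_text)
    return {
        "version": version,
        "affected_version": is_affected(version),
        "valve_declared": draining_valve_declared(xml_text),
        "fixed_release": fixed_release_for(version),
    }


# Constructed sample input: a version banner and a minimal server.xml that
# declares the draining valve on the Engine, as a site using mod_jk draining might.
SAMPLE_BANNER = "Server version: Apache Tomcat/9.0.115\nServer number:  9.0.115.0\n"
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="node1">
      <Valve className="org.apache.catalina.valves.LoadBalancerDrainingValve"/>
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>"""

if __name__ == "__main__":
    result = assess(SAMPLE_BANNER, SAMPLE_SERVER_XML)
    for k, v in result.items():
        print(f"{k}: {v}")
```

An instance is exposed only when both checks are positive: an affected version and the valve declared. Note that the advisory's ranges stop at 11.0.18 while the fix is 11.0.20; the script follows the advisory literally and treats 11.0.19 as outside the affected range rather than guessing.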

Status: Fix

Weakness Enumeration: Open Redirect

Related Identifiers

BDU:2026-06933
BIT-TOMCAT-2026-25854
CVE-2026-25854
GHSA-9M3C-QCXR-9X87
MGASA-2026-0095
OESA-2026-1970
OPENSUSE-SU-2026:10547-1
OPENSUSE-SU-2026:10548-1
OPENSUSE-SU-2026:10549-1
OPENSUSE-SU-2026:20595-1
OPENSUSE-SU-2026:20611-1
OPENSUSE-SU-2026:20612-1
SUSE-SU-2026:1558-1
SUSE-SU-2026:1572-1
SUSE-SU-2026:1603-1
SUSE-SU-2026:1604-1

Affected Products

Apache Tomcat
Red Os