CVE-2025-31651

CWE: CWE-116, CWE-150
Coverage: 11 documents, 8 sources

Severity: 9.8 CRITICAL
EPSS: 0.4% (top 41.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 28; Latest update Oct 15

Description

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the tim

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (7 packages)

Source     | Package                                          | From      | To                   | More
-----------|--------------------------------------------------|-----------|----------------------|-----
NVD        | apache/tomcat                                    | 9.0.0     | 9.0.104              | +2
Maven      | org.apache.tomcat:tomcat-catalina                | 9.0.76    | 9.0.104              | +3
Maven      | org.apache.tomcat.embed:tomcat-embed-core        | 9.0.76    | 9.0.104              | +3
CVEListV5  | apache_software_foundation/apache_tomcat         | 11.0.0-M1 | 11.0.5               | +3
Debian     | tomcat9                                          |           | < 9.0.107-0+deb11u1  | +3

🔴 Vulnerability Details (5)

[OSV] tomcat10 vulnerabilities (2025-08-20)
[OSV] CVE-2025-31651: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (2025-04-28)
[OSV] Apache Tomcat Rewrite rule bypass (2025-04-28)
[GHSA] Apache Tomcat Rewrite rule bypass (2025-04-28)
[CVEList] Apache Tomcat: Bypass of rules in Rewrite Valve (2025-04-28)

📋 Vendor Advisories (5)

[Oracle] Oracle Siebel CRM Risk Matrix: Application Interface (Apache Tomcat) — CVE-2025-31651 (2025-10-15)
[Ubuntu] Tomcat vulnerabilities (2025-08-20)
[Oracle] Oracle Fusion Middleware Risk Matrix: Runtime Server (Apache Tomcat) — CVE-2025-31651 (2025-07-15)
[Red Hat] tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (2025-04-28)
[Debian] CVE-2025-31651: tomcat10 - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in A... (2025)