CVE-2025-46701

CWE-178 | 9 documents | 7 sources
Severity: 7.3 HIGH
EPSS: 0.1% (top 67.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 29 | Latest update Aug 20

Description

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be af

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4

Affected Packages (8 packages)

Source      Package                                          Introduced   Fixed                  More
NVD         apache/tomcat                                    9.0.0        9.0.105                +2
Maven       org.apache.tomcat:tomcat-catalina                9.0.0.M1     9.0.105                +3
Maven       org.apache.tomcat.embed:tomcat-embed-core        9.0.0.M1     9.0.105                +3
CVEListV5   apache_software_foundation/apache_tomcat         11.0.0-M1    11.0.6                 +3
Debian      tomcat9                                          -            < 9.0.107-0+deb11u1    +3

Vulnerability Details (5)

OSV: tomcat10 vulnerabilities (2025-08-20)
GHSA: Apache Tomcat - CGI security constraint bypass (2025-05-29)
OSV: Apache Tomcat - CGI security constraint bypass (2025-05-29)
OSV: CVE-2025-46701: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows security constraint bypass of security constraints that appl (2025-05-29)
CVEList: Apache Tomcat: Security constraint bypass for CGI scripts (2025-05-29)

Vendor Advisories (3)

Ubuntu: Tomcat vulnerabilities (2025-08-20)
Red Hat: tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (2025-05-29)
Debian: CVE-2025-46701: tomcat10 - Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servl... (2025)