CVE-2025-55668

CWE-384 | 7 documents | 6 sources
Severity: 6.5 MEDIUM
EPSS: 0.0% (top 96.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 13

Description

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

Source | Package | Versions (as listed) | More
NVD | apache/tomcat | 9.0.1 / 9.0.106 | +3
Maven | org.apache.tomcat:tomcat-catalina | 11.0.0-M1 / 11.0.8 | +2
CVEListV5 | apache_software_foundation/apache_tomcat | 11.0.0-M1 / 11.0.7 | +2
Debian | tomcat9 | < 9.0.70-2 | +3
Debian | tomcat10 | < 10.1.52-1~deb12u1 | +2

Vulnerability Details (4)

GHSA: Apache Tomcat Session Fixation vulnerability (2025-08-13)
OSV: CVE-2025-55668: Session Fixation vulnerability in Apache Tomcat via rewrite valve (2025-08-13)
CVEList: Apache Tomcat: session fixation via rewrite valve (2025-08-13)
OSV: Apache Tomcat Session Fixation vulnerability (2025-08-13)

Vendor Advisories (2)

Red Hat: org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve (2025-08-13)
Debian: CVE-2025-55668: tomcat10 - Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue a... (2025)
CVE-2025-55668 (MEDIUM CVSS 6.5) | Session Fixation vulnerability in A | cvebase.io