cbcvebase.
CVE-2025-55668
published 2025-08-13

CVE-2025-55668: Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through…

medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Affected

10 ranges
VendorProductVersion rangeFixed in
apachetomcat
apachetomcat>= 10.0.0 < 10.1.4210.1.42
apachetomcat>= 11.0.0 < 11.0.811.0.8
apachetomcat>= 9.0.1 < 9.0.1069.0.106
apache_software_foundationapache_tomcat10.1.0-M1 – 10.1.41
apache_software_foundationapache_tomcat11.0.0-M1 – 11.0.7
apache_software_foundationapache_tomcat9.0.0.M1 – 9.0.105
debiantomcat10< tomcat10 10.1.52-1~deb12u1 (bookworm)tomcat10 10.1.52-1~deb12u1 (bookworm)
debiantomcat11< tomcat10 10.1.52-1~deb12u1 (bookworm)tomcat10 10.1.52-1~deb12u1 (bookworm)
debiantomcat9< tomcat10 10.1.52-1~deb12u1 (bookworm)tomcat10 10.1.52-1~deb12u1 (bookworm)

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
osv6.5MEDIUM