cbcvebase.
CVE-2025-61581
published 2025-10-16

CVE-2025-61581: ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control…

PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.67%
47.4th percentile
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.

This issue affects Apache Traffic Control: all versions.

People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected

3 ranges
VendorProductVersion rangeFixed in
apachetraffic_control<= 8.0.2
apache_software_foundationapache_traffic_control< **
github.comapache_trafficcontrol_v80 – 8.0.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.