CVE-2025-61581

CWE-13335 documents4 sources

Severity

7.5HIGH

EPSS

0.3%

top 45.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Traffic Control Github.com Apache/trafficcontrol/v8 Apache Traffic Control

Timeline

PublishedOct 16

Latest updateOct 30

Description

** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. N…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_traffic_control< *

▶NVDapache/traffic_control8.0.2

▶Gogithub.com/apache/trafficcontrol/v88.0.2

🔴Vulnerability Details

OSV

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol↗2025-10-30

▶

OSV

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability↗2025-10-16

▶

CVEList

Apache Traffic Control: ReDoS issue in Traffic Router configuration↗2025-10-16

▶

GHSA

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability↗2025-10-16

▶