CVE-2025-61581
published 2025-10-16CVE-2025-61581: ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control…
PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.67%
47.4th percentile
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | traffic_control | <= 8.0.2 | — |
| apache_software_foundation | apache_traffic_control | < * | * |
| github.com | apache_trafficcontrol_v8 | 0 – 8.0.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol
osv·2025-10-30
CVE-2025-61581 Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol
OSV
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
osv·2025-10-16
CVE-2025-61581 [LOW] Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
*** UNSUPPORTED WHEN ASSIGNED ***
Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.
This issue affects Apache Traffic Control: all versions.
People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.
As this project is retired, it is not planned to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
GHSA
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
ghsa·2025-10-16
CVE-2025-61581 [LOW] CWE-1333 Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
*** UNSUPPORTED WHEN ASSIGNED ***
Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.
This issue affects Apache Traffic Control: all versions.
People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.
As this project is retired, it is not planned to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-16
Published