CVE-2025-66614
Published 2026-04-09
Medium 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.
This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.
Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | >= 10.1.1 < 10.1.50 | 10.1.50 |
| apache | tomcat | >= 11.0.1 < 11.0.15 | 11.0.15 |
| apache | tomcat | >= 9.0.1 < 9.0.113 | 9.0.113 |
| apache_software_foundation | apache_tomcat | 10.1.50 – 10.1.52 | — |
| apache_software_foundation | apache_tomcat | 11.0.15 – 11.0.19 | — |
| apache_software_foundation | apache_tomcat | 9.0.113 – 9.0.115 | — |
| debian | tomcat10 | < tomcat10 10.1.52-1~deb12u1 (bookworm) | tomcat10 10.1.52-1~deb12u1 (bookworm) |
| debian | tomcat11 | < tomcat10 10.1.52-1~deb12u1 (bookworm) | tomcat10 10.1.52-1~deb12u1 (bookworm) |
| debian | tomcat9 | < tomcat10 10.1.52-1~deb12u1 (bookworm) | tomcat10 10.1.52-1~deb12u1 (bookworm) |
CVSS provenance
nvd: v3.1, 9.1 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
ghsa: 9.1 CRITICAL
osv: 9.1 CRITICAL