CVE-2025-55668

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-55668
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-55668.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-55668
Aliases
Downstream
Published
2025-08-13T14:15:33.330Z
Modified
2026-02-03T07:40:16.523032Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Session Fixation vulnerability in Apache Tomcat via rewrite valve.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Introduced
4c8b650437e2464c1c31c6598a263b3805b7a81f
Fixed
0289da4f342744334e0fc5a53ee958e68024fead
Introduced
3c78e95e36268dfb76db1570f0cf49104fa6eabc
Fixed
05ccf0c3e22d388f0cf853e32485d8249d051f2f
Introduced
56e547d387ab49f688c93fe9ca082b1b5d94deed
Fixed
8a48dcb90f13f1670632e763e945f4cc9ef869e6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-55668.json"