CVE-2025-55668NVD

Vulnerability Summary

Session Fixation vulnerability in Apache Tomcat via rewrite valve.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.
Older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Severity Level

MEDIUM(6.5)

Published Date

Aug 13, 2025

Last Modified

Aug 18, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-384: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-55668NVD

Vulnerability Summary

External References