CVE-2025-55668

{"id": "CVE-2025-55668", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-08-13T14:15:33.330", "references": [{"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2025/08/13/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Session Fixation vulnerability in Apache Tomcat via rewrite valve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nOlder, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue."}, {"lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Apache Tomcat mediante una v\u00e1lvula de reescritura. Este problema afecta a Apache Tomcat: de 11.0.0-M1 a 11.0.7, de 10.1.0-M1 a 10.1.41, y de 9.0.0.M1 a 9.0.105. Las versiones anteriores al final de su vida \u00fatil tambi\u00e9n pueden verse afectadas. Se recomienda actualizar a las versiones 11.0.8, 10.1.42 o 9.0.106, que solucionan el problema."}], "lastModified": "2025-11-04T22:16:30.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D612584-5CB2-48F6-A969-0016A419FCB7", "versionEndExcluding": "9.0.106", "versionStartIncluding": "9.0.1"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B331712D-D798-4901-AE46-C9B57379410A", "versionEndExcluding": "10.1.42", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE393E87-D325-4ABB-B49C-5863ECD3DD83", "versionEndExcluding": "11.0.8", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}