- Description
- Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
- Source
- security@apache.org
- NVD status
- Modified
- Products
- tomcat
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
⚠️Security update for Dell PowerProtect products ❗CVE-2025-31651 ❗CVE-2024-52533 ❗CVE-2024-45490 ➡️More info: https://t.co/PC0qoqFmna https://t.co/2SqSppDNrq
@CERTpy
14 Aug 2025
116 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️Multiple vulnerabilities in HPE Telco Service Orchestrator ❗CVE-2025-31650 ❗CVE-2025-31651 ➡️More info: https://t.co/Z5eQBrRz1i https://t.co/7NBvluSTqO
@CERTpy
5 Jun 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Apache Tomcat vulns (CVE-2025-31651/31650) let attackers crash or take over SUSE Linux servers. Patch guide:👉 https://t.co/jM0ryP0uLv #DevOps #InfoSec https://t.co/PkGDe3WZpn
@Cezar_H_Linux
13 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-31650 / CVE-2025-31651] A recommendation to update to the latest stable release "Tomcat 11.0.6", which includes fixes for two serious vulnerabilities https://t.co/z0dDhgH2sz via @nikkeimatome
@nikkeimatome
9 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[JVNVU#93256936] Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/spHVEWtXLC #jvn #vulnerability #security
@jpsecuritynews
9 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVNVU#93256936 Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/ATFp9a3QiB If you use it, please take action soon.
@Syynya
8 May 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVNVU#93256936: Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/jtIzMisJnV
@Luke06121
8 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVN: Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/ce5RtazJ4l
@AileenWoodstock
8 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Published 2025/05/08 10:00] Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/zu1zoiNG7t
@jvnjp
8 May 2025
269 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
🔴 Apache Tomcat, Security Bypass, #CVE-2025-31651 (Critical) https://t.co/Y9uhsU8fv3
@dailycve
5 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Security: the vulnerability CVE-2025-31651 could lead to a denial of service through buffer overload. (Security bulletin – Critical updates of 8 and 9 April 2025) https://t.co/mzBeaeDONW
@NicolasCoolman
4 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31651 04/28/2025 08:15:20 PM Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specia... https://t.co/73qklIYcyG
@CVETracker
29 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilities in Apache Tomcat ❗CVE-2025-31650 ❗CVE-2025-31651 ➡️More info: https://t.co/t8hU9AY3cz https://t.co/K85gRf1v9V
@CERTpy
29 Apr 2025
125 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Advisory to install patches for Apache Tomcat security vulnerabilities (CVE-2025-31650, CVE-2025-31651) https://t.co/kdW3HaBWoS
@virusmyths
29 Apr 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-31650: Denial of Service via Invalid HTTP Prioritization Header & CVE-2025-31651: Rewrite Rule Bypass 📊10.6M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Pf8A56s3ZW 👇Query HUNTER : https://t.co/q9rtuGgxk7
@HunterMapping
29 Apr 2025
2996 Impressions
31 Retweets
75 Likes
25 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Security Update Fixes DoS and Rewrite Rule Bypass Flaws Apache Tomcat patches CVE-2025-31650 and CVE-2025-31651 to fix denial of service and rewrite rule bypass issues. Upgrade now to stay secure. https://t.co/WPVQNtl8bT
@the_yellow_fall
29 Apr 2025
288 Impressions
3 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-31651 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible f… https://t.co/ESmBBVmYMF
@CVEnew
28 Apr 2025
331 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BB09D245-9455-444D-8265-743642DD53C9",
            "versionEndExcluding": "9.0.104",
            "versionStartIncluding": "9.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E5BD6C26-75CE-4DDC-BF4D-5A5187BD4CAF",
            "versionEndExcluding": "10.1.40",
            "versionStartIncluding": "10.1.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9331B3B3-C3C4-4D12-BE11-043F6614B2D3",
            "versionEndExcluding": "11.0.6",
            "versionStartIncluding": "11.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]