CVE-2025-31651

Published Apr 28, 2025

Last updated 17 days ago

Overview

Description
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
Source
security@apache.org
NVD status
Awaiting Analysis

Weaknesses

security@apache.org
CWE-150

Social media

Hype score
Not currently trending
  1. 🚨 Critical Apache Tomcat vulns (CVE-2025-31651/31650) let attackers crash or take over SUSE Linux servers. Patch guide:👉 https://t.co/jM0ryP0uLv #DevOps #InfoSec https://t.co/PkGDe3WZpn

    @Cezar_H_Linux

    13 May 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-31650 / CVE-2025-31651] Recommendation to update to the latest stable release "Tomcat 11.0.6", which includes fixes for two serious vulnerabilities https://t.co/z0dDhgH2sz via @nikkeimatome

    @nikkeimatome

    9 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [JVNVU#93256936] Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/spHVEWtXLC #jvn #vulnerability #security

    @jpsecuritynews

    9 May 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. JVNVU#93256936 Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/ATFp9a3QiB If you use it, please take action soon.

    @Syynya

    8 May 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. JVNVU#93256936: Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/jtIzMisJnV

    @Luke06121

    8 May 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. JVN: Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/ce5RtazJ4l

    @AileenWoodstock

    8 May 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. [Published 2025/05/08 10:00] Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/zu1zoiNG7t

    @jvnjp

    8 May 2025

    269 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  8. 🔴 Apache Tomcat, Security Bypass, #CVE-2025-31651 (Critical) https://t.co/Y9uhsU8fv3

    @dailycve

    5 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Apache Security: the vulnerability CVE-2025-31651 could lead to a denial of service through buffer overload. (Security bulletin – critical updates of 8 and 9 April 2025) https://t.co/mzBeaeDONW

    @NicolasCoolman

    4 May 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-31651 04/28/2025 08:15:20 PM Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specia... https://t.co/73qklIYcyG

    @CVETracker

    29 Apr 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. ⚠️Vulnerabilities in Apache Tomcat ❗CVE-2025-31650 ❗CVE-2025-31651 ➡️More info: https://t.co/t8hU9AY3cz https://t.co/K85gRf1v9V

    @CERTpy

    29 Apr 2025

    125 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Advisory to install patches for Apache Tomcat security vulnerabilities (CVE-2025-31650, CVE-2025-31651) https://t.co/kdW3HaBWoS

    @virusmyths

    29 Apr 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨Alert🚨 CVE-2025-31650: Denial of Service via Invalid HTTP Prioritization Header & CVE-2025-31651: Rewrite Rule Bypass 📊10.6M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Pf8A56s3ZW 👇Query HUNTER : https://t.co/q9rtuGgxk7

    @HunterMapping

    29 Apr 2025

    2996 Impressions

    31 Retweets

    75 Likes

    25 Bookmarks

    0 Replies

    0 Quotes

  14. Apache Tomcat Security Update Fixes DoS and Rewrite Rule Bypass Flaws Apache Tomcat patches CVE-2025-31650 and CVE-2025-31651 to fix denial of service and rewrite rule bypass issues. Upgrade now to stay secure. https://t.co/WPVQNtl8bT

    @the_yellow_fall

    29 Apr 2025

    288 Impressions

    3 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-31651 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible f… https://t.co/ESmBBVmYMF

    @CVEnew

    28 Apr 2025

    331 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes