CVE-2025-31651 · CRITICAL 9.8 · EPSS percentile 89.6%

CVE-2025-31651

Description

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
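The affected ranges above mix milestone builds (11.0.0-M1, 9.0.0.M1) with GA releases, so a naive string or tuple comparison gets the boundaries wrong. The following checker is an added example, not code from the Tomcat project or from this page's source: it encodes only the ranges stated in the description, treats a milestone as sorting before the GA release of the same number, and flags branches older than 8.5 as "possibly affected" because the advisory says older EOL versions may also be affected. The Server-header and `version.sh` formats it parses are assumptions about where a practitioner would read the version from.

```python
"""Check an Apache Tomcat version string against the affected ranges
listed for CVE-2025-31651 (ranges copied from the advisory text)."""
import re

# Inclusive affected ranges as stated in the CVE description.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.5"),
    ("10.1.0-M1", "10.1.39"),
    ("9.0.0.M1", "9.0.102"),
    ("8.5.0", "8.5.100"),
]

# Accepts "9.0.102", "11.0.0-M1" and the older "9.0.0.M1" milestone style.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")

# Assumed input formats: a "Server: Apache Tomcat/9.0.102" header value or the
# "Server version: Apache Tomcat/9.0.102" line printed by version.sh.
_BANNER_RE = re.compile(r"Apache Tomcat/(\S+)")


def parse_version(text):
    """Return a sortable tuple; milestones sort before the GA release.

    (major, minor, patch, 0, milestone)  for 11.0.0-M1
    (major, minor, patch, 1, 0)          for 11.0.0
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % text)
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    if m.group(4) is not None:
        return (major, minor, patch, 0, int(m.group(4)))
    return (major, minor, patch, 1, 0)


def extract_version(banner):
    """Pull the bare version out of a Server header or version.sh line."""
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError("no Tomcat version in banner: %r" % banner)
    return m.group(1)


def is_affected(version):
    """True if the version falls inside one of the listed inclusive ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def classify(version):
    """'affected', 'older-eol' (pre-8.5, may be affected per the advisory),
    or 'not-listed' (outside every stated range; not a proof of being fixed)."""
    if is_affected(version):
        return "affected"
    if parse_version(version) < parse_version("8.5.0"):
        return "older-eol"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    for banner in ("Server: Apache Tomcat/9.0.102",
                   "Server version: Apache Tomcat/11.0.0-M1",
                   "Server: Apache Tomcat/7.0.109"):
        ver = extract_version(banner)
        print(ver, classify(ver))
```

Treat "not-listed" as "outside the ranges this advisory names", not as "patched": the description itself says the recommended upgrade is the first fixed release on each supported branch, and a version past the end of a listed range on an EOL branch (8.5.x) still gets no fix.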

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.18% probability of exploitation · percentile 89.6% · scored 2026-06-18T12:00:27Z
Published: 2025-04-28
Last modified: 2025-11-03

Underlying weaknesses · 1

CWE-116 (Improper Encoding or Escaping of Output)

References

  1. https://lists.apache.org/list.html?announce@tomcat.apache.org
  2. http://www.openwall.com/lists/oss-security/2025/04/28/3
  3. https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html


Type      Target                                             Confidence  Tier
Weakness  Improper Encoding or Escaping of Output (cwe-116)  0%          live
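The weakness class mapped here is the general one behind this CVE: a rule that enforces a security constraint on a request path inspects a different form of the path (raw, before escape sequences are decoded) than the component that finally resolves the resource. The script below is an added, generic illustration of that mismatch and is not Tomcat's RewriteValve code, nor the exact request shape used against this CVE: the deny rule, the sample requests and the use of Python's `urllib.parse.unquote` plus dot-segment collapsing as a stand-in for the container's canonicalization are all assumptions. It shows the weak check beside the hardened one and reports which constructed requests slip past the weak form.

```python
"""Generic demonstration of an escape-sequence mismatch between a
path-based security rule and the resolver that serves the path."""
import re
from urllib.parse import unquote

# Hypothetical rule meant to block the admin area of an application.
DENY_RULE = re.compile(r"^/admin(/|$)")


def canonicalize(raw_path):
    """Stand-in for what a container does before looking up a resource:
    decode percent-escapes once, then collapse '.' and '..' segments."""
    decoded = unquote(raw_path)
    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def rule_matches_raw(raw_path):
    """Weak form: the rule sees the request path exactly as sent."""
    return DENY_RULE.match(raw_path) is not None


def rule_matches_canonical(raw_path):
    """Hardened form: the rule sees the same path the resolver will use."""
    return DENY_RULE.match(canonicalize(raw_path)) is not None


def evaluate(raw_path):
    """Compare both forms for one request."""
    return {
        "raw_blocked": rule_matches_raw(raw_path),
        "canonical_blocked": rule_matches_canonical(raw_path),
        "served_path": canonicalize(raw_path),
    }


def find_bypasses(raw_paths):
    """Requests the weak rule lets through although the canonical path
    is one the rule was written to deny."""
    return [p for p in raw_paths
            if not rule_matches_raw(p) and rule_matches_canonical(p)]


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    "/public/index.html",      # benign
    "/admin/users",            # blocked by both forms
    "/%61dmin/users",          # 'a' percent-encoded: raw check misses it
    "/static/../admin/users",  # dot-segment: raw check misses it
    "/%2561dmin/users",        # double-encoded: decodes once to %61dmin,
                               # which the server would treat literally
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req, evaluate(req))
    print("bypasses of the raw-path rule:", find_bypasses(SAMPLE_REQUESTS))
```

The practical check this suggests for any rewrite or filter rule that gates access: feed it the canonical path the container will actually resolve, or move the constraint into the component that already operates on that canonical form, rather than pattern-matching the request line as received. Whether a given decoding step (single, double, slash handling) matches your container is something to verify against that container's documented behaviour, not against this script.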

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-55754
  2. CVE: CVE-2026-43515
  3. CVE: CVE-2026-41293
  4. CVE: CVE-2026-43512
  5. CVE: CVE-2025-66614
  6. CVE: Apache Tomcat Path Equivalence Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.