Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55668

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Published

2025-08-13T14:15:33.330

Last Modified

2025-11-04T22:16:30.550

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-384

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	tomcat	< 9.0.106	Yes
Application	apache	tomcat	< 10.1.42	Yes
Application	apache	tomcat	< 11.0.8	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes
Application	apache	tomcat	9.0.0	Yes

References

https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47 Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/08/13/3 (af854a3a-2127-422b-91ae-364da2661108)