VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46701.json
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
epss	0.00036	https://api.first.org/data/v1/epss?cve=CVE-2025-46701
apache_tomcat	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46701
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-h2fw-rfh5-95r3
generic_textual	LOW	https://github.com/apache/tomcat
generic_textual	LOW	https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a
generic_textual	LOW	https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558
generic_textual	LOW	https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5
generic_textual	LOW	https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605
generic_textual	LOW	https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74
generic_textual	LOW	https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2
cvssv3.1	7.3	https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j
generic_textual	LOW	https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j
ssvc	Track	https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2025-46701
archlinux	High	https://security.archlinux.org/AVG-2888
archlinux	High	https://security.archlinux.org/AVG-2889
generic_textual	LOW	https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41
generic_textual	LOW	https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7
generic_textual	LOW	https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105
generic_textual	LOW	http://www.openwall.com/lists/oss-security/2025/05/29/4

System

Score

Found at

cvssv3

6.5

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46701.json

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

epss

0.00036

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

apache_tomcat

Low

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46701

cvssv3.1

6.5

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

cvssv3.1_qr

LOW

https://github.com/advisories/GHSA-h2fw-rfh5-95r3

generic_textual

LOW

https://github.com/apache/tomcat

generic_textual

LOW

https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a

generic_textual

LOW

https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558

generic_textual

LOW

https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5

generic_textual

LOW

https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605

generic_textual

LOW

https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74

generic_textual

LOW

https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2

cvssv3.1

7.3

https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j

generic_textual

LOW

https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j

ssvc

Track

https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j

generic_textual

LOW

https://nvd.nist.gov/vuln/detail/CVE-2025-46701

archlinux

High

https://security.archlinux.org/AVG-2888

archlinux

High

https://security.archlinux.org/AVG-2889

generic_textual

LOW

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41

generic_textual

LOW

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7

generic_textual

LOW

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105

generic_textual

LOW

http://www.openwall.com/lists/oss-security/2025/05/29/4

Reference id

Reference type

URL

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46701.json

https://api.first.org/data/v1/epss?cve=CVE-2025-46701

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

https://github.com/apache/tomcat

https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a

https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558

https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5

https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605

https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74

https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2

https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j

https://nvd.nist.gov/vuln/detail/CVE-2025-46701

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105

http://www.openwall.com/lists/oss-security/2025/05/29/4

1106820

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106820

2369253

https://bugzilla.redhat.com/show_bug.cgi?id=2369253

AVG-2888

https://security.archlinux.org/AVG-2888

AVG-2889

https://security.archlinux.org/AVG-2889

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

CVE-2025-46701

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46701

GHSA-h2fw-rfh5-95r3

https://github.com/advisories/GHSA-h2fw-rfh5-95r3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T11:52:37.425719+00:00	Arch Linux Importer	Import	https://security.archlinux.org/AVG-2889	36.1.3

2025-07-01T11:52:37.425719+00:00

Arch Linux Importer

Import

https://security.archlinux.org/AVG-2889

36.1.3

Vulnerability ID	VCID-3d52-ddu8-nkez
Aliases	CVE-2025-46701 GHSA-h2fw-rfh5-95r3
Summary	multiple issues
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

CWE-178	Improper Handling of Case Sensitivity
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Percentile	0.09163
EPSS Score	0.00036
Published At	June 30, 2025, 12:55 p.m.