VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-yzt8-watu-qkcs

Essentials
Severities (64)
References (18)
Severity details (20)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-yzt8-watu-qkcs
Aliases	CVE-2025-31651 GHSA-ff77-26x5-69cr
Summary	Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-150	Improper Neutralization of Escape, Meta, or Control Sequences
CWE-116	Improper Encoding or Escaping of Output
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	4.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json
cvssv3	7.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json
epss	0.0002	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.0002	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.0002	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.0002	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.0002	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00026	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00026	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-31651
apache_tomcat	Low	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-ff77-26x5-69cr
generic_textual	LOW	https://github.com/apache/tomcat
generic_textual	LOW	https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098
generic_textual	LOW	https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64
generic_textual	LOW	https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454
generic_textual	LOW	https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953
cvssv3.1	9.8	https://lists.apache.org/list.html?announce@tomcat.apache.org
generic_textual	LOW	https://lists.apache.org/list.html?announce@tomcat.apache.org
ssvc	Track	https://lists.apache.org/list.html?announce@tomcat.apache.org
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2025-31651
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2025-31651
generic_textual	LOW	https://tomcat.apache.org/security-10.html
generic_textual	LOW	https://tomcat.apache.org/security-11.html
generic_textual	LOW	https://tomcat.apache.org/security-9.html
generic_textual	LOW	http://www.openwall.com/lists/oss-security/2025/04/28/3

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-31651
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098
		https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64
		https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454
		https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953
		https://lists.apache.org/list.html?announce@tomcat.apache.org
		https://tomcat.apache.org/security-10.html
		https://tomcat.apache.org/security-11.html
		https://tomcat.apache.org/security-9.html
		http://www.openwall.com/lists/oss-security/2025/04/28/3
2362782		https://bugzilla.redhat.com/show_bug.cgi?id=2362782
cpe:2.3:a:apache:tomcat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat::::::::
CVE-2025-31651		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651
CVE-2025-31651		https://nvd.nist.gov/vuln/detail/CVE-2025-31651
GHSA-ff77-26x5-69cr		https://github.com/advisories/GHSA-ff77-26x5-69cr

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/list.html?announce@tomcat.apache.org

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-06T20:12:56Z/ Found at https://lists.apache.org/list.html?announce@tomcat.apache.org

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-31651

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.03662
EPSS Score	0.0002
Published At	April 29, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-04-29T00:32:29.936029+00:00	Apache Tomcat Importer	Import	https://tomcat.apache.org/security-11.html	36.0.0