CVE-2025-46701

HIGH

Apache Tomcat <11.0.6 - Security Constraint Bypass

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-46701. PoCs published by gregk4sec.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2025-46701, a vulnerability in Apache Tomcat involving improper handling of case sensitivity in CGIServlet. It explains security constraint bypass techniques via pathInfo and servletPath components, as well as arbitrary script RCE under specific conditions.

Description

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

Exploits (2)

nomisec WRITEUP 2 stars

by gregk4sec · poc

https://github.com/gregk4sec/CVE-2025-46701-o

View Code ZIP pw:eip

The repository provides a detailed technical analysis of CVE-2025-46701, a vulnerability in Apache Tomcat involving improper handling of case sensitivity in CGIServlet. It explains security constraint bypass techniques via pathInfo and servletPath components, as well as arbitrary script RCE under specific conditions.

Classification

Writeup 95%

Attack Type

Auth Bypass | Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Tomcat (specific version not specified)

No auth needed

Prerequisites: CGIServlet enabled · case-insensitive directory · PUT method enabled in DefaultServlet (for RCE)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 09, 2026 Full analysis →

nomisec STUB 2 stars

by gregk4sec · poc

https://github.com/gregk4sec/CVE-2025-46701

View Code ZIP pw:eip

This repository contains only a README.md file referencing a PoC for CVE-2025-46701, but no actual exploit code or technical details are provided. The PoC is mentioned to be released on June 4, 2025, but no further information is available.

Classification

Stub 30%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Apache Tomcat (version unspecified)

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List, Vendor Advisory vendor-advisory

https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j

Mailing List

https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2025/05/29/4

Scores

CVSS v3 7.3

EPSS 0.0013

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-178

Status published

Products (3)

apache/tomcat 9.0.0 - 9.0.105

org.apache.tomcat/tomcat-catalina 9.0.0.M1 - 9.0.105Maven

org.apache.tomcat.embed/tomcat-embed-core 9.0.0.M1 - 9.0.105Maven

Published May 29, 2025

Tracked Since Feb 18, 2026