CVE-2025-46701

HIGH

Apache Tomcat <11.0.6 - Security Constraint Bypass

Title source: llm

Description

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.

Exploits (2)

nomisec WRITEUP 2 stars

by gregk4sec · poc

https://github.com/gregk4sec/CVE-2025-46701-o

View Code ZIP pw:eip

nomisec STUB 2 stars

by gregk4sec · poc

https://github.com/gregk4sec/CVE-2025-46701

View Code ZIP pw:eip

References (3)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2025/05/29/4

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html

Scores

CVSS v3 7.3

EPSS 0.0013

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-178

Status published

Products (3)

apache/tomcat 9.0.0 - 9.0.105

org.apache.tomcat/tomcat-catalina 9.0.0.M1 - 9.0.105Maven

org.apache.tomcat.embed/tomcat-embed-core 9.0.0.M1 - 9.0.105Maven

Published May 29, 2025

Tracked Since Feb 18, 2026