CVE-2025-55668

MEDIUM

Apache Tomcat <11.0.7, <10.1.41, <9.0.105 - Session Fixation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-55668. PoCs published by gregk4sec.

AI-analyzed exploit summary The repository contains only a README.md file describing CVE-2025-55668, which is a session fixation vulnerability in Apache Tomcat via the rewrite valve. No exploit code or technical details are provided.

Description

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Exploits (1)

nomisec WRITEUP
by gregk4sec · poc
https://github.com/gregk4sec/CVE-2025-55668

The repository contains only a README.md file describing CVE-2025-55668, which is a session fixation vulnerability in Apache Tomcat via the rewrite valve. No exploit code or technical details are provided.

Classification
Writeup 30%
Attack Type
Auth Bypass
Complexity
Theoretical
Reliability
Theoretical
Target: Apache Tomcat (version unspecified)
No auth needed
Prerequisites: Access to a vulnerable Apache Tomcat instance with rewrite valve enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0005
EPSS Percentile 17.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-384
Status published
Products (3)
apache/tomcat 9.0.0 milestone1 (27 CPE variants)
apache/tomcat 9.0.1 - 9.0.106
org.apache.tomcat/tomcat-catalina 11.0.0-M1 - 11.0.8Maven
Published Aug 13, 2025
Tracked Since Feb 18, 2026