vulnerability

Alma Linux: CVE-2025-31651: Important: tomcat security update (Multiple Advisories)

Try Surface Command
Back to search
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Dec 10, 2025
Added
Dec 15, 2025
Modified
Dec 18, 2025

Description

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible
for a specially crafted request to bypass some rewrite rules. If those
rewrite rules effectively enforced security constraints, those
constraints could be bypassed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.

Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Solutions

alma-upgrade-tomcatalma-upgrade-tomcat-admin-webappsalma-upgrade-tomcat-docs-webappalma-upgrade-tomcat-el-3.0-apialma-upgrade-tomcat-jsp-2.3-apialma-upgrade-tomcat-libalma-upgrade-tomcat-servlet-4.0-apialma-upgrade-tomcat-webapps

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today