Session Fixation vulnerability in Apache Tomcat via rewrite valve.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.
Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.
Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Apache |
|
Configuration 1 [-]
|
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
| Apache |
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2025-24574 | Apache Tomcat Session Fixation vulnerability |
 Github GHSA |
GHSA-23hv-mwm6-g8jf | Apache Tomcat Session Fixation vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 18 Aug 2025 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* |
Thu, 14 Aug 2025 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apache
Apache tomcat |
|
| Vendors & Products |
Apache
Apache tomcat |
|
| References |
|
|
| Metrics |
threat_severity
|
threat_severity
|
Wed, 13 Aug 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Wed, 13 Aug 2025 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | |
| Title | Apache Tomcat: session fixation via rewrite valve | |
| Weaknesses | CWE-384 | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-08-13T13:39:26.761Z
Reserved: 2025-08-13T12:16:36.881Z
Link: CVE-2025-55668
Vulnrichment
Updated: 2025-08-13T13:38:57.635Z
NVD
Status : Analyzed
Published: 2025-08-13T14:15:33.330
Modified: 2025-08-18T18:44:38.637
Link: CVE-2025-55668
Redhat
OpenCVE Enrichment
Updated: 2025-08-13T21:47:00Z