{"id":"CVE-2025-55668","details":"Session Fixation vulnerability in Apache Tomcat via rewrite valve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nOlder, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.","aliases":["BIT-tomcat-2025-55668","GHSA-23hv-mwm6-g8jf"],"modified":"2026-04-10T05:26:20.094054Z","published":"2025-08-13T14:15:33.330Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/08/13/3"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"3c78e95e36268dfb76db1570f0cf49104fa6eabc"},{"fixed":"05ccf0c3e22d388f0cf853e32485d8249d051f2f"},{"introduced":"4c8b650437e2464c1c31c6598a263b3805b7a81f"},{"fixed":"0289da4f342744334e0fc5a53ee958e68024fead"},{"introduced":"56e547d387ab49f688c93fe9ca082b1b5d94deed"},{"fixed":"8a48dcb90f13f1670632e763e945f4cc9ef869e6"},{"introduced":"0"},{"last_affected":"29b07def810d335012e738b22ab44d4e232b50d1"},{"introduced":"0"},{"last_affected":"10e04de1946981261a734507f4a6d953e2a206fe"},{"introduced":"0"},{"last_affected":"65ddc3a3872ea41ca67fec7b6834c704b6893361"},{"introduced":"0"},{"last_affected":"b5a74e3c7913c560648f0ffedfbbb3ebe4318def"},{"introduced":"0"},{"last_affected":"de128d72af746184e035ff1b53629f08cb141a04"},{"introduced":"0"},{"last_affected":"aac670afe1226e10513021100fce8a12344743c6"},{"introduced":"0"},{"last_affected":"c2c8107f0cea4755497a85990807b883b66f6b57"},{"introduced":"0"},{"last_affected":"8c48678b110f3fbbe66f6dde0e45d2578fa92c29"},{"introduced":"0"},{"last_affected":"9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f"},{"introduced":"0"},{"last_affected":"59e713216cf2256aacc54f6ba627865f356f9e4e"},{"introduced":"0"},{"last_affected":"7dc5e29fe49850102261badf158752d6865311e4"},{"introduced":"0"},{"last_affected":"18b014d8691909be6153ae7db022a6c35f9c93ea"},{"introduced":"0"},{"last_affected":"600dc8ba5d9be7599d29bff83c342213d93b034e"},{"introduced":"0"},{"last_affected":"3bd48aab236e5bf0ed1644e9f0c588fd20e503ab"},{"introduced":"0"},{"last_affected":"642d3dd4d50ea1f03f9827962e4fc982a123bb78"},{"introduced":"0"},{"last_affected":"24566c02fb917a6ca1b6479a60971b0d8acd895c"},{"introduced":"0"},{"last_affected":"cac0e029dcced854eeca7444710e78e412dc2c2a"},{"introduced":"0"},{"last_affected":"c5efed313de1a181f4f9f98f5023117f3b911257"},{"introduced":"0"},{"last_affected":"ab04166fac59fcf9b3be3aab1c8b896842782d4c"},{"introduced":"0"},{"last_affected":"35071e7e52f296b9187b054b0efd74121b7db3bd"},{"introduced":"0"},{"last_affected":"d1dc05e934e089ea8907998cf850760017a0ed82"},{"introduced":"0"},{"last_affected":"fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf"},{"introduced":"0"},{"last_affected":"c7b84102600d600bcc527560d9c4d10c3fd440ab"},{"introduced":"0"},{"last_affected":"d8ebf61e51b4455e3c226751e492a533f9002d48"},{"introduced":"0"},{"last_affected":"aba238718ac9b149d25feaa9a14ecad3b0e3a5e2"},{"introduced":"0"},{"last_affected":"fe854ab1f111396458d98fa2ab08c693ce9407e1"},{"introduced":"0"},{"last_affected":"45f8fd74cdb96490fab8709263a4d862f0d429cf"}],"database_specific":{"versions":[{"introduced":"9.0.1"},{"fixed":"9.0.106"},{"introduced":"10.0.0"},{"fixed":"10.1.42"},{"introduced":"11.0.0"},{"fixed":"11.0.8"},{"introduced":"0"},{"last_affected":"9.0.0-milestone1"},{"introduced":"0"},{"last_affected":"9.0.0-milestone10"},{"introduced":"0"},{"last_affected":"9.0.0-milestone11"},{"introduced":"0"},{"last_affected":"9.0.0-milestone12"},{"introduced":"0"},{"last_affected":"9.0.0-milestone13"},{"introduced":"0"},{"last_affected":"9.0.0-milestone14"},{"introduced":"0"},{"last_affected":"9.0.0-milestone15"},{"introduced":"0"},{"last_affected":"9.0.0-milestone16"},{"introduced":"0"},{"last_affected":"9.0.0-milestone17"},{"introduced":"0"},{"last_affected":"9.0.0-milestone18"},{"introduced":"0"},{"last_affected":"9.0.0-milestone19"},{"introduced":"0"},{"last_affected":"9.0.0-milestone2"},{"introduced":"0"},{"last_affected":"9.0.0-milestone20"},{"introduced":"0"},{"last_affected":"9.0.0-milestone21"},{"introduced":"0"},{"last_affected":"9.0.0-milestone22"},{"introduced":"0"},{"last_affected":"9.0.0-milestone23"},{"introduced":"0"},{"last_affected":"9.0.0-milestone24"},{"introduced":"0"},{"last_affected":"9.0.0-milestone25"},{"introduced":"0"},{"last_affected":"9.0.0-milestone26"},{"introduced":"0"},{"last_affected":"9.0.0-milestone27"},{"introduced":"0"},{"last_affected":"9.0.0-milestone3"},{"introduced":"0"},{"last_affected":"9.0.0-milestone4"},{"introduced":"0"},{"last_affected":"9.0.0-milestone5"},{"introduced":"0"},{"last_affected":"9.0.0-milestone6"},{"introduced":"0"},{"last_affected":"9.0.0-milestone7"},{"introduced":"0"},{"last_affected":"9.0.0-milestone8"},{"introduced":"0"},{"last_affected":"9.0.0-milestone9"}]}}],"versions":["9.0.0-M1","9.0.0-M10","9.0.0-M11","9.0.0-M12","9.0.0-M13","9.0.0-M14","9.0.0-M15","9.0.0-M16","9.0.0-M17","9.0.0-M18","9.0.0-M19","9.0.0-M2","9.0.0-M20","9.0.0-M21","9.0.0-M22","9.0.0-M23","9.0.0-M24","9.0.0-M25","9.0.0-M26","9.0.0-M27","9.0.0-M3","9.0.0-M4","9.0.0-M5","9.0.0-M6","9.0.0-M7","9.0.0-M8","9.0.0-M9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55668.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}