{"id":"CVE-2025-55668","details":"Session Fixation vulnerability in Apache Tomcat via the rewrite valve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nOlder, EOL versions may also be affected.\n\nUsers are advised to upgrade to version 11.0.8, 10.1.42 or 9.0.106, each of which fixes the issue.","aliases":["BIT-tomcat-2025-55668","GHSA-23hv-mwm6-g8jf"],"modified":"2026-02-12T01:31:50.791426Z","published":"2025-08-13T14:15:33.330Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/08/13/3"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"3c78e95e36268dfb76db1570f0cf49104fa6eabc"},{"fixed":"05ccf0c3e22d388f0cf853e32485d8249d051f2f"},{"introduced":"4c8b650437e2464c1c31c6598a263b3805b7a81f"},{"fixed":"0289da4f342744334e0fc5a53ee958e68024fead"},{"introduced":"56e547d387ab49f688c93fe9ca082b1b5d94deed"},{"fixed":"8a48dcb90f13f1670632e763e945f4cc9ef869e6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-55668.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}