CVE-2025-55668 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
apache	CNA	---				---
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
apache	tomcat	9.0.1 ≤ 𝑥 < 9.0.106
apache	tomcat	10.0.0 ≤ 𝑥 < 10.1.42
apache	tomcat	11.0.0 ≤ 𝑥 < 11.0.8
apache	tomcat	9.0.0:milestone1
apache	tomcat	9.0.0:milestone10
apache	tomcat	9.0.0:milestone11
apache	tomcat	9.0.0:milestone12
apache	tomcat	9.0.0:milestone13
apache	tomcat	9.0.0:milestone14
apache	tomcat	9.0.0:milestone15
apache	tomcat	9.0.0:milestone16
apache	tomcat	9.0.0:milestone17
apache	tomcat	9.0.0:milestone18
apache	tomcat	9.0.0:milestone19
apache	tomcat	9.0.0:milestone2
apache	tomcat	9.0.0:milestone20
apache	tomcat	9.0.0:milestone21
apache	tomcat	9.0.0:milestone22
apache	tomcat	9.0.0:milestone23
apache	tomcat	9.0.0:milestone24
apache	tomcat	9.0.0:milestone25
apache	tomcat	9.0.0:milestone26
apache	tomcat	9.0.0:milestone27
apache	tomcat	9.0.0:milestone3
apache	tomcat	9.0.0:milestone4
apache	tomcat	9.0.0:milestone5
apache	tomcat	9.0.0:milestone6
apache	tomcat	9.0.0:milestone7
apache	tomcat	9.0.0:milestone8
apache	tomcat	9.0.0:milestone9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat10

bookworm	vulnerable
bookworm (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	vulnerable

tomcat11

forky	vulnerable
sid	vulnerable
trixie	vulnerable

tomcat9

bullseye	vulnerable
bullseye (security)	9.0.107-0+deb11u1 fixed
bookworm	9.0.70-2 fixed
forky	9.0.95-1 fixed
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed

Common Weakness Enumeration

CWE-384 - Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References

https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47