{"uuid": "98af8d2b-3673-43a3-b9f3-65b7b5de51e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-31651", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13747", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31651\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u00a0For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\n\ud83d\udccf Published: 2025-04-28T19:17:21.721Z\n\ud83d\udccf Modified: 2025-04-28T22:02:47.596Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/list.html?announce@tomcat.apache.org", "creation_timestamp": "2025-04-28T22:10:53.000000Z"}