Apache Tomcat Vulnerability Security Update Advisory (CVE-2025-46701)

Overview

Apache Tomcat (https://tomcat.apache.org/) has released a security update that addresses a vulnerability in its products. Users of affected products are advised to update to the latest version.

Affected Products

Apache Tomcat 9.0.0.M1 – 9.0.104

Apache Tomcat 11.0.0-M1 – 11.0.6

Apache Tomcat 10.1.0-M1 – 10.1.40

Resolved Vulnerabilities

CGI security constraint bypass vulnerability in Apache Tomcat caused by a crafted URL (CVE-2025-46701)

Vulnerability Patches

Follow the security advisory published on May 29, 2025 and update to the applicable version below or to the latest version.

Apache Tomcat 9.0.105

Apache Tomcat 11.0.7

Apache Tomcat 10.1.41

Referenced Sites

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46701

[2] https://tomcat.apache.org/security