CVE-2025-61581

EPSS 0.2%
Veröffentlicht 16.10.2025 08:40:11
Zuletzt bearbeitet 04.11.2025 22:16:36
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.

This issue affects Apache Traffic Control: all versions.

People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Traffic Control Version <= 8.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.42

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

https://lists.apache.org/thread/mx2jxgnlop2f4vbqnvmrldh4pqmobxvp

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/10/16/3

https://nvd.nist.gov/vuln/detail/CVE-2025-61581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61581

EUVD