CVE-2025-61581

EPSS 0.34%
Veröffentlicht 16.10.2025 08:40:11
Zuletzt bearbeitet 04.11.2025 22:16:36
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Traffic Control: ReDoS issue in Traffic Router configuration

** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.

This issue affects Apache Traffic Control: all versions.

People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Traffic Control Version <= 8.0.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.567

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

https://lists.apache.org/thread/mx2jxgnlop2f4vbqnvmrldh4pqmobxvp

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/10/16/3

https://nvd.nist.gov/vuln/detail/CVE-2025-61581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61581

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-61581