Main Vulnerability Database Vulnerabilities #VU118829

#VU118829 Inefficient regular expression complexity in Apache Traffic Control - CVE-2025-61581

Published: November 28, 2025

Vulnerability identifier: #VU118829

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-61581

CWE-ID: CWE-1333

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Traffic Control

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Remediation

Note, the product is no longer supported by the vendor. It is recommended to migrate to another solution.

External links

https://lists.apache.org/thread/36s2xq8g5tjkb229znmsw534jf7pt98w

#VU118829 Inefficient regular expression complexity in Apache Traffic Control - CVE-2025-61581

Description

Remediation

External links

Please verify you're human