CVE-2025-61581
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-16

Last updated on: 2025-11-04

Assigner: Apache Software Foundation

Description
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-16
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-10-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61581
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache traffic_control to 8.0.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1333 The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Inefficient Regular Expression Complexity issue in Apache Traffic Control. It allows someone with access to the management interface of the Traffic Router component to specify malicious regular expression patterns that can cause the system to become unavailable.

Impact Analysis

If exploited, this vulnerability can cause unavailability of the Apache Traffic Control system, potentially disrupting services that rely on it.

Mitigation Strategies

Since Apache Traffic Control is retired and no fix will be released, immediate mitigation steps include restricting access to the Traffic Router management interface to trusted users only, or migrating to an alternative supported product.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61581. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart