Home > Vulnerability Database > CVE-2025-61581

Mend.io Vulnerability Database

CVE-2025-61581

Date: October 16, 2025

** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Severity Score

7.5

Related Resources (6)

Url: http://www.openwall.com/lists/oss-security/2025/10/16/3

Url: https://github.com/apache/trafficcontrol

Url: https://github.com/advisories/GHSA-9m49-p2j3-c6xm

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61581

Url: https://lists.apache.org/thread/mx2jxgnlop2f4vbqnvmrldh4pqmobxvp

Url: https://www.mend.io/vulnerability-database/CVE-2025-61581

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61581

Date: October 16, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?