CVE-2025-61581
📊 7.5 HIGH⚡ 0.2%🎯 0 exploits
📅 Published Oct 16, 2025
📋 Status: Analyzed
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS v3.1 • 134c704f-9b21-4f2e-91b3-4a467353bcc0
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | apache | traffic control | ≤ 8.0.2 | Vulnerable | cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≤ 8.0.2
CPE:
cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*
Metrics
7.5 HIGHCVSS v3.1134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
NONE
Integrity:
NONE
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
7.5 (HIGH)v3.1
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
EPSS Details
0.2% (Minimal)39.7th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
Oct 16, 2025 (17 days ago)
Last Modified
Oct 20, 2025 (13 days ago)
Security Weaknesses1
CWE-1333
References2
NVDgeneral