ID:12485 - Exploit for Improper handling of case sensitivity in Apache Tomcat - CVE-2025-46701
Published: March 13, 2026
Apache Tomcat
Vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error when handling URLs on a case-insensitive filesystem where security constraints are configured for the pathInfo component of a URL that is mapped to the CGI servlet. A remote attacker can bypass the imposed security constraints via a specially crafted URL.