Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-31651 PoC — Apache Tomcat: Bypass of rules in Rewrite Valve

Source
https://github.com/gregk4sec/CVE-2025-31651
Associated Vulnerability
Title:Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
Description:Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
Description
CVE Discovered by Greg K
Readme
# CVE-2025-31651
CVE Discovered by Greg K

## 0x01 Status
Privately, waiting for official disclosure

## 0x02 PoC

## 0x03 Finder
This cve is identified by [Greg K](https://github.com/gregk4sec)
File Snapshot

 [4.0K]  /data/pocs/bafbcadc3982ba0d7ebd7f9df30a4ec72b771cf3
├── [ 11K]  LICENSE
└── [ 195]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →