Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

High-Severity Vulnerability in Apache Tomcat CGI Servlet

6 June 2025

The Apache Software Foundation has released security updates addressing a high-severity vulnerability (CVE-2025-46701) in its Tomcat Common Gateway Interface (CGI) Servlet.

Background

The Apache Software Foundation has released security updates addressing a high-severity vulnerability (CVE-2025-46701) in its Tomcat Common Gateway Interface (CGI) Servlet.

Impact

Successful exploitation of the vulnerability could allow an attacker to bypass configured security constraints to gain unauthorised access to restricted CGI resources using specially crafted URLs.

Affected Products

The vulnerabilities affect the following products:

  • Apache Tomcat 11.0.0-M1 through 11.0.6

  • Apache Tomcat 10.1.0-M1 through 10.1.40

  • Apache Tomcat 9.0.0.M1 through 9.0.104

Mitigation

Users and administrators of affected products are advised to update to the latest versions.

References

https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j

https://cybersecuritynews.com/apache-tomcat-cgi-servlet-vulnerability/

https://nvd.nist.gov/vuln/detail/CVE-2025-46701

Back to top