1. Apache Tomcat CGI Servlet Security Flaw Exposes PathInfo Bypass Risk (CVE-2025-46701)
A newly disclosed vulnerability in Apache Tomcat's CGI servlet could allow attackers to bypass critical security constraints. Tracked as CVE-2025-46701 (GHSA-h2fw-rfh5-95r3), the flaw stems from improper handling of case sensitivity in the pathInfo component of a URI mapped to the servlet. This weakness creates a poten...