CVE-2025-31650

28.04.2025, 20:15

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.

This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.

Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
apache	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 71%

Vendor	Product	Version
apache	tomcat	9.0.76 ≤ 𝑥 < 9.0.104
apache	tomcat	10.1.10 ≤ 𝑥 < 10.1.40
apache	tomcat	11.0.1 ≤ 𝑥 < 11.0.6
apache	tomcat	11.0.0:milestone10
apache	tomcat	11.0.0:milestone11
apache	tomcat	11.0.0:milestone12
apache	tomcat	11.0.0:milestone13
apache	tomcat	11.0.0:milestone14
apache	tomcat	11.0.0:milestone15
apache	tomcat	11.0.0:milestone16
apache	tomcat	11.0.0:milestone17
apache	tomcat	11.0.0:milestone18
apache	tomcat	11.0.0:milestone19
apache	tomcat	11.0.0:milestone2
apache	tomcat	11.0.0:milestone20
apache	tomcat	11.0.0:milestone21
apache	tomcat	11.0.0:milestone22
apache	tomcat	11.0.0:milestone23
apache	tomcat	11.0.0:milestone24
apache	tomcat	11.0.0:milestone25
apache	tomcat	11.0.0:milestone3
apache	tomcat	11.0.0:milestone4
apache	tomcat	11.0.0:milestone5
apache	tomcat	11.0.0:milestone6
apache	tomcat	11.0.0:milestone7
apache	tomcat	11.0.0:milestone8
apache	tomcat	11.0.0:milestone9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat10

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	postponed
trixie	10.1.40-1 fixed
sid	10.1.40-1 fixed

tomcat11

trixie	11.0.6-1 fixed
sid	11.0.6-1 fixed
bullseye	postponed

tomcat9

bullseye	postponed
bullseye (security)	vulnerable
bookworm	9.0.70-2 fixed
trixie	9.0.95-1 fixed
sid	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat10

plucky	needed
oracular	ignored
noble	needed
jammy	dne
focal	dne

tomcat6

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	dne
xenial	not-affected
trusty	not-affected

tomcat7

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	not-affected
trusty	not-affected

tomcat8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	not-affected

tomcat9

plucky	not-affected
oracular	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected

Common Weakness Enumeration

CWE-459 - Incomplete Cleanup
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

Vulnerability Media Exposure

[GERMAN] IBM QRadar SIEM: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, um beliebige Befehle auszuführen und um nicht näher spezifizierte Auswirkungen zu verursachen.
Published: 2025-06-19T22:00:00+00:00

References

https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826

http://www.openwall.com/lists/oss-security/2025/04/28/2