CVE-2025-47287

EUVD-2025-15444

15.05.2025, 22:15

Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Upgrade to Tornado version 6.50 to receive a patch. As a workaround, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Affected Products (NVD)

Vendor	Product	Version
tornadoweb	tornado	𝑥 < 6.5.0
debian	debian_linux	11.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

python-tornado

bionic	ignored
focal	ignored
jammy	Fixed 6.1.0-3ubuntu0.1~esm2 released
noble	Fixed 6.4.0-1ubuntu0.2 released
oracular	Fixed 6.4.1-2ubuntu0.2 released
plucky	Fixed 6.4.2-1ubuntu0.25.04.1 released
questing	Fixed 6.4.2-2 released
resolute	Fixed 6.4.2-2 released
xenial	ignored

openSUSE / SLES Releases

openSUSE Product

Release

python2-tornado

suse enterprise server 15 SP2

4.5.3-150000.3.10.1

fixed

python3-salt

suse enterprise desktop 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

python3-tornado

suse enterprise desktop 15 SP6	4.5.3-150000.3.10.1 fixed
suse enterprise sap 15 SP6	4.5.3-150000.3.10.1 fixed
suse enterprise server 15 SP2	4.5.3-150000.3.10.1 fixed
suse enterprise server 15 SP3	4.5.3-150000.3.10.1 fixed
suse enterprise server 15 SP4	4.5.3-150000.3.10.1 fixed
suse enterprise server 15 SP5	4.5.3-150000.3.10.1 fixed
suse enterprise server 15 SP6	4.5.3-150000.3.10.1 fixed

python311-salt

suse enterprise server 15 SP4

3006.0-150400.8.80.1

fixed

python311-tornado6

suse enterprise desktop 15 SP6	6.3.2-150400.9.9.1 fixed
suse enterprise desktop 15 SP7	6.3.2-150400.9.9.1 fixed
suse enterprise sap 15 SP6	6.3.2-150400.9.9.1 fixed
suse enterprise sap 15 SP7	6.3.2-150400.9.9.1 fixed
suse enterprise server 15 SP4	6.3.2-150400.9.9.1 fixed
suse enterprise server 15 SP5	6.3.2-150400.9.9.1 fixed
suse enterprise server 15 SP6	6.3.2-150400.9.9.1 fixed
suse enterprise server 15 SP7	6.3.2-150400.9.9.1 fixed

salt

suse enterprise desktop 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-api

suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-bash-completion

suse enterprise desktop 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-cloud

suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-doc

suse enterprise desktop 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-fish-completion

suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-master

suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-minion

suse enterprise desktop 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-proxy

suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-ssh

suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-standalone-formulas-configuration

suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-syndic

suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

salt-transactional-update

suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed

salt-zsh-completion

suse enterprise desktop 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise sap 15 SP6	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP3	3006.0-150300.53.94.1 fixed
suse enterprise server 15 SP4	3006.0-150400.8.80.1 fixed
suse enterprise server 15 SP5	3006.0-150500.4.55.1 fixed
suse enterprise server 15 SP6	3006.0-150500.4.55.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

pcs

RHEL 8	0:0.10.18-2.el8_10.5 fixed
RHEL 8.4 AUS	0:0.10.8-1.el8_4.7 fixed
RHEL 8.4 E4S	0:0.10.8-1.el8_4.7 fixed
RHEL 8.4 TUS	0:0.10.8-1.el8_4.7 fixed
RHEL 8.6 E4S	0:0.10.12-6.el8_6.8 fixed
RHEL 8.6 TUS	0:0.10.12-6.el8_6.8 fixed
RHEL 8.8 AUS	0:0.10.15-4.el8_8.6 fixed
RHEL 8.8 E4S	0:0.10.15-4.el8_8.6 fixed
RHEL 8.8 EUS	0:0.10.15-4.el8_8.6 fixed
RHEL 8.8 TUS	0:0.10.15-4.el8_8.6 fixed

pcs-snmp

RHEL 8	0:0.10.18-2.el8_10.5 fixed
RHEL 8.4 AUS	0:0.10.8-1.el8_4.7 fixed
RHEL 8.4 E4S	0:0.10.8-1.el8_4.7 fixed
RHEL 8.4 TUS	0:0.10.8-1.el8_4.7 fixed
RHEL 8.6 E4S	0:0.10.12-6.el8_6.8 fixed
RHEL 8.6 TUS	0:0.10.12-6.el8_6.8 fixed
RHEL 8.8 AUS	0:0.10.15-4.el8_8.6 fixed
RHEL 8.8 E4S	0:0.10.15-4.el8_8.6 fixed
RHEL 8.8 EUS	0:0.10.15-4.el8_8.6 fixed
RHEL 8.8 TUS	0:0.10.15-4.el8_8.6 fixed

python3-tornado

RHEL 9

0:6.4.2-2.el9_6.2

fixed

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3

https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m

https://lists.debian.org/debian-lts-announce/2025/05/msg00038.html