CVE-2025-52434

EUVD-2025-21045

10.07.2025, 19:15

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.

This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions
may also be affected.

Users are recommended to upgrade to version 9.0.107, which fixes the issue.

Race Condition

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	9.0.0 ≤ 𝑥 < 9.0.107

𝑥

= Vulnerable software versions

openSUSE / SLES Releases

openSUSE Product

Release

tomcat

suse enterprise sap 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP7	9.0.108-150200.91.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP7	9.0.108-150200.91.1 fixed

tomcat-admin-webapps

suse enterprise sap 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP7	9.0.108-150200.91.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP7	9.0.108-150200.91.1 fixed

tomcat-docs-webapp

suse enterprise server 12 SP5

9.0.115-3.160.1

fixed

tomcat-el-3_0-api

suse enterprise sap 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP7	9.0.108-150200.91.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP7	9.0.108-150200.91.1 fixed

tomcat-javadoc

suse enterprise server 12 SP5

9.0.115-3.160.1

fixed

tomcat-jsp-2_3-api

suse enterprise sap 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP7	9.0.108-150200.91.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP7	9.0.108-150200.91.1 fixed

tomcat-lib

suse enterprise sap 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP7	9.0.108-150200.91.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP7	9.0.108-150200.91.1 fixed

tomcat-servlet-4_0-api

suse enterprise sap 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP7	9.0.108-150200.91.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP7	9.0.108-150200.91.1 fixed

tomcat-webapps

suse enterprise sap 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise sap 15 SP7	9.0.108-150200.91.1 fixed
suse enterprise server 12 SP5	9.0.115-3.160.1 fixed
suse enterprise server 15 SP2	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP3	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP4	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP5	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP6	9.0.108-150200.91.1 fixed
suse enterprise server 15 SP7	9.0.108-150200.91.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

tomcat

RHEL 8	1:9.0.87-1.el8_10.6 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.7 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.7 fixed
RHEL 9	1:9.0.87-3.el9_6.3 fixed

tomcat-admin-webapps

RHEL 8	1:9.0.87-1.el8_10.6 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.7 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.7 fixed
RHEL 9	1:9.0.87-3.el9_6.3 fixed

tomcat-docs-webapp

RHEL 8	1:9.0.87-1.el8_10.6 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.7 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.7 fixed
RHEL 9	1:9.0.87-3.el9_6.3 fixed

tomcat-el-3.0-api

RHEL 8	1:9.0.87-1.el8_10.6 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.7 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.7 fixed
RHEL 9	1:9.0.87-3.el9_6.3 fixed

tomcat-jsp-2.3-api

RHEL 8	1:9.0.87-1.el8_10.6 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.7 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.7 fixed
RHEL 9	1:9.0.87-3.el9_6.3 fixed

tomcat-lib

RHEL 8	1:9.0.87-1.el8_10.6 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.7 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.7 fixed
RHEL 9	1:9.0.87-3.el9_6.3 fixed

tomcat-servlet-4.0-api

RHEL 8	1:9.0.87-1.el8_10.6 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.7 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.7 fixed
RHEL 9	1:9.0.87-3.el9_6.3 fixed

tomcat-webapps

RHEL 8	1:9.0.87-1.el8_10.6 fixed
RHEL 8.8 E4S	1:9.0.87-1.el8_8.7 fixed
RHEL 8.8 TUS	1:9.0.87-1.el8_8.7 fixed
RHEL 9	1:9.0.87-3.el9_6.3 fixed

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030

http://www.openwall.com/lists/oss-security/2025/07/10/11

https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html