Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31650


Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.


Published

2025-04-28T20:15:20.653

Last Modified

2025-05-06T20:15:26.237

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-459
  • Type: Secondary
    CWE-459

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache tomcat < 9.0.104 Yes
Application apache tomcat < 10.1.40 Yes
Application apache tomcat < 11.0.6 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes
Application apache tomcat 11.0.0 Yes

References