{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31650", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-03-31T12:13:57.705Z", "datePublished": "2025-04-28T19:14:31.107Z", "dateUpdated": "2025-11-03T19:53:11.497Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "9.0.102", "status": "affected", "version": "9.0.76", "versionType": "semver"}, {"lessThanOrEqual": "10.1.39", "status": "affected", "version": "10.1.10", "versionType": "semver"}, {"lessThanOrEqual": "11.0.5", "status": "affected", "version": "11.0.0-M2", "versionType": "semver"}, {"lessThanOrEqual": "8.5.100", "status": "affected", "version": "8.5.90", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.</p><p>This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.<br>The following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.<br></p><p>Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.</p>"}], "value": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-08-08T11:43:00.251Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/04/28/2"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:53:11.497Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T20:07:38.530859Z", "id": "CVE-2025-31650", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T20:07:50.531Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/04/28/2"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:53:11.497Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31650", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T20:07:38.530859Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T20:07:13.015Z"}}], "cna": {"title": "Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame", "source": {"discovery": "UNKNOWN"}, "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Tomcat", "versions": [{"status": "affected", "version": "9.0.76", "versionType": "semver", "lessThanOrEqual": "9.0.102"}, {"status": "affected", "version": "10.1.10", "versionType": "semver", "lessThanOrEqual": "10.1.39"}, {"status": "affected", "version": "11.0.0-M2", "versionType": "semver", "lessThanOrEqual": "11.0.5"}, {"status": "affected", "version": "8.5.90", "versionType": "semver", "lessThanOrEqual": "8.5.100"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.</p><p>This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.<br>The following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.<br></p><p>Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-08-08T11:43:00.251Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31650", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:53:11.497Z", "dateReserved": "2025-03-31T12:13:57.705Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2025-04-28T19:14:31.107Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F4F87EB-0046-4BAA-91C8-C60C60425186", "versionEndExcluding": "9.0.104", "versionStartIncluding": "9.0.76", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EC8AA6F-0BB4-4075-8F2B-DE39FD9A2BD8", "versionEndExcluding": "10.1.40", "versionStartIncluding": "10.1.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "45AB4386-DB38-4808-924A-617CECE9F939", "versionEndExcluding": "11.0.6", "versionStartIncluding": "11.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", "matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*", "matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*", "matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*", "matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*", "matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*", "matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*", "matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*", "matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*", "matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*", "matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*", "matchCriteriaId": "7914D26B-CBD6-4846-9BD3-403708D69319", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*", "matchCriteriaId": "123C6285-03BE-49FC-B821-8BDB25D02863", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*", "matchCriteriaId": "8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*", "matchCriteriaId": "069B0D8E-8223-4C4E-A834-C6235D6C3450", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*", "matchCriteriaId": "E6282085-5716-4874-B0B0-180ECDEE128F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue."}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat. La gesti\u00f3n incorrecta de errores en algunos encabezados de prioridad HTTP no v\u00e1lidos provoc\u00f3 una limpieza incompleta de la solicitud fallida, lo que gener\u00f3 una fuga de memoria. Un gran n\u00famero de solicitudes de este tipo podr\u00eda generar una excepci\u00f3n OutOfMemoryException, lo que resulta en una denegaci\u00f3n de servicio. Este problema afecta a Apache Tomcat: de la 9.0.76 a la 9.0.102, de la 10.1.10 a la 10.1.39 y de la 11.0.0-M2 a la 11.0.5. Se recomienda actualizar a las versiones 9.0.104, 10.1.40 o 11.0.6, que solucionan el problema."}], "id": "CVE-2025-31650", "lastModified": "2025-11-03T20:18:25.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-28T20:15:20.653", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/04/28/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-459"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:4522", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8", "package": "tomcat", "product_name": "Red Hat JBoss Web Server 5", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:4521", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el7", "package": "jws5-tomcat-0:9.0.87-11.redhat_00010.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.8 on RHEL 7", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:4521", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el8", "package": "jws5-tomcat-0:9.0.87-11.redhat_00010.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.8 on RHEL 8", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:4521", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el9", "package": "jws5-tomcat-0:9.0.87-11.redhat_00010.1.el9jws", "product_name": "Red Hat JBoss Web Server 5.8 on RHEL 9", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:3609", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1", "package": "tomcat", "product_name": "Red Hat JBoss Web Server 6", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3608", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el8", "package": "jws6-tomcat-0:10.1.36-6.redhat_00007.1.el8jws", "product_name": "Red Hat JBoss Web Server 6.1 on RHEL 8", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3608", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el8", "package": "jws6-tomcat-jakartaee-migration-0:1.0.6-2.redhat_00003.1.el8jws", "product_name": "Red Hat JBoss Web Server 6.1 on RHEL 8", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3608", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el8", "package": "jws6-tomcat-native-0:1.3.1-1.redhat_1.el8jws", "product_name": "Red Hat JBoss Web Server 6.1 on RHEL 8", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3608", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el9", "package": "jws6-tomcat-0:10.1.36-6.redhat_00007.1.el9jws", "product_name": "Red Hat JBoss Web Server 6.1 on RHEL 9", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3608", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el9", "package": "jws6-tomcat-jakartaee-migration-0:1.0.6-2.redhat_00003.1.el9jws", "product_name": "Red Hat JBoss Web Server 6.1 on RHEL 9", "release_date": "2025-04-07T00:00:00Z"}, {"advisory": "RHSA-2025:3608", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el9", "package": "jws6-tomcat-native-0:1.3.1-1.redhat_1.el9jws", "product_name": "Red Hat JBoss Web Server 6.1 on RHEL 9", "release_date": "2025-04-07T00:00:00Z"}], "bugzilla": {"description": "tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame", "id": "2362783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362783"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.", "A flaw was found in Apache Tomcat. This vulnerability allows an application-level denial of service (DoS), causing it to become unresponsive or slow via maliciously crafted HTTP/2 prioritization headers. It performs an incomplete cleanup of failed requests, which triggers a memory leak."], "mitigation": {"lang": "en:us", "value": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-31650", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "tomcat9", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "tomcat6", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pki-deps:10.6/pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-28T19:14:31Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-31650\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-31650\nhttps://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826"], "statement": "This is marked as Important vulnerability rather than a Moderate flaw because it introduces a reliable, unauthenticated denial-of-service (DoS) vector that exploits the core request-handling mechanism in Apache Tomcat. Specifically, the improper handling of invalid HTTP/2 Priority headers results in incomplete memory deallocation, creating a server-side memory leak. Unlike transient request errors that are gracefully handled and discarded, these malformed requests accumulate residual memory allocations over time. \nThis means an attacker can trigger an OutOfMemoryException simply by sending a large volume of crafted HTTP/2 requests, effectively rendering the server non-functional without needing authentication or access to specific endpoints. Given that HTTP/2 is widely used in production environments to improve performance, this vulnerability targets a default, high-traffic pathway, making it more impactful.", "threat_severity": "Important"}

{}