CVE-2025-31650

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 28, 2025
Updated: May 6, 2025
CWE ID 459

Summary

CVE-2025-31650 is an Input Validation vulnerability affecting various versions of Apache Tomcat. The flaw arises from the server's improper handling of certain invalid HTTP priority headers: failed requests are not fully cleaned up, which creates a memory leak. A high volume of such requests may eventually cause an Out-of-Memory Exception, inducing a Denial of Service condition. Affected versions include 9.0.76 through 9.0.102, 10.1.10 through 10.1.39, and 11.0.0-M2 through 11.0.5. To mitigate this risk, users are advised to upgrade to the patched versions 9.0.104, 10.1.40, or 11.0.6.
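The practical first step for defenders is to find which Tomcat instances fall inside the affected ranges quoted above and which fixed release each one should move to. The script below is an added example, not code from the advisory or the Apache Tomcat project. It takes the version ranges exactly as the summary states them; the ordering rule for milestone builds (a milestone such as 11.0.0-M2 sorts before the 11.0.0 release) and the host inventory are assumptions constructed for the example.

```python
"""Flag Tomcat versions affected by CVE-2025-31650 (added example, not project code)."""
import re
from typing import List, Optional, Tuple

# Inclusive affected range and fixed release per branch, as stated in the advisory text.
AFFECTED_RANGES = {
    "9.0": ("9.0.76", "9.0.102", "9.0.104"),
    "10.1": ("10.1.10", "10.1.39", "10.1.40"),
    "11.0": ("11.0.0-M2", "11.0.5", "11.0.6"),
}

# major.minor.patch with an optional "-M<n>" milestone suffix (assumed tagging scheme).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(s: str) -> Tuple[int, int, int, int, int]:
    """Turn a Tomcat version string into a sortable tuple.

    Milestone builds precede the GA release of the same number, so the tuple
    carries a GA flag (0 = milestone, 1 = GA) before the milestone counter.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {s!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def assess(version: str) -> Tuple[str, Optional[str]]:
    """Classify one version: affected (with upgrade target), fixed, not-affected,
    or unknown-branch when the advisory lists no range for that branch."""
    v = parse_version(version)
    branch = f"{v[0]}.{v[1]}"
    if branch not in AFFECTED_RANGES:
        return ("unknown-branch", None)
    lo, hi, fixed = AFFECTED_RANGES[branch]
    if parse_version(lo) <= v <= parse_version(hi):
        return ("affected", fixed)
    if v >= parse_version(fixed):
        return ("fixed", None)
    return ("not-affected", None)  # outside the range the advisory lists


def affected_hosts(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, current version, fixed version) for every affected entry."""
    out = []
    for host, ver in inventory:
        status, fixed = assess(ver)
        if status == "affected":
            out.append((host, ver, fixed))
    return out


# Constructed sample inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("web-01", "9.0.98"),
    ("web-02", "10.1.40"),
    ("api-01", "11.0.0-M3"),
    ("legacy-01", "8.5.100"),
]

if __name__ == "__main__":
    for host, ver, fixed in affected_hosts(INVENTORY):
        print(f"{host}: Tomcat {ver} is affected, upgrade to {fixed}")
    for host, ver in INVENTORY:
        print(host, ver, assess(ver))
```

Versions on a branch the advisory does not mention (8.5.x in the sample) come back as `unknown-branch` rather than "safe", so they are surfaced for a manual check instead of being silently dropped.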

