AI description
CVE-2025-31650 is an improper input validation vulnerability in Apache Tomcat. The vulnerability arises from incorrect error handling of invalid HTTP priority headers, leading to incomplete cleanup of failed requests and a memory leak. By sending a large number of requests with malformed HTTP priority headers, an attacker can trigger an OutOfMemoryException, resulting in a denial-of-service (DoS) condition. This affects Apache Tomcat versions 9.0.76 through 9.0.102, 10.1.10 through 10.1.39, and 11.0.0-M2 through 11.0.5. Users are advised to upgrade to versions 9.0.104, 10.1.40, or 11.0.6 to mitigate the risk.
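A defender-side check of a deployed Tomcat's version against the affected ranges stated above. This is an added example, not code from the page or the Tomcat project; the `Server version: Apache Tomcat/x.y.z` banner format printed by `bin/version.sh` and the startup log is assumed. Milestone builds such as 11.0.0-M2 must sort before the final 11.0.0, which naive string comparison gets wrong.

```python
import re
from typing import Optional, Tuple

# Affected ranges for CVE-2025-31650 as stated in the advisory text:
# (first affected version, first fixed version); the fixed version is
# the exclusive upper bound.
AFFECTED_RANGES = (
    ("9.0.76", "9.0.104"),
    ("10.1.10", "10.1.40"),
    ("11.0.0-M2", "11.0.6"),
)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:-M\d+)?)")


def version_key(version: str) -> Tuple[int, int, int, int, int]:
    """Turn '11.0.0-M2' into a sortable tuple.

    Milestones sort before the final release of the same number:
    11.0.0-M2 < 11.0.0-M25 < 11.0.0 < 11.0.1.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)  # final release
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version: str) -> bool:
    """True if the version lies in one of the CVE-2025-31650 ranges.

    Caveat: distribution packages that backport the fix (e.g. a vendor
    patch for 10.1.40-era code) keep the upstream version string, so a
    version-only check can report a false positive; confirm with the
    vendor advisory in that case.
    """
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)


def version_from_banner(text: str) -> Optional[str]:
    """Extract the version from version.sh / startup-log output."""
    m = _BANNER_RE.search(text)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed sample of a version.sh banner line; not from a real host.
    sample = "Server version: Apache Tomcat/10.1.39\nOS Name:        Linux"
    found = version_from_banner(sample)
    print(found, "affected" if found and is_affected(found) else "not affected")
```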
- Description
- Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
- Source
- security@apache.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
CVE-2025-31650: Critical Apache Tomcat DoS Vulnerability - Deconstructing the "TomcatKiller" Attack 👉 https://t.co/MlHSjTi818
@1337Sheets
24 Jun 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A PoC exploit for Apache Tomcat's CVE-2025-31650 reveals a DoS vulnerability impacting versions 9.0.76–9.0.102, 10.1.10–10.1.39, and 11.0.0-M2–11.0.5. Improper input handling leads to memory leaks & potential OOM errors. Update to mitigate! ⚠️ #Apache #V… https://
@TweetThreatNews
7 Jun 2025
93 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Attention, devs! A critical vulnerability in Apache Tomcat HTTP/2 (CVE-2025-31650) allows DoS attacks using malformed priority headers. 💥 Update to versions 9.0.104, 10.1.40 or 11.0.6 NOW! #Cybersecurity #ApacheTomcat #DoS https://t.co/yzVu5nmEf0
@fernandokarl
6 Jun 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Multiple vulnerabilities in HPE Telco Service Orchestrator ❗CVE-2025-31650 ❗CVE-2025-31651 ➡️More info: https://t.co/Z5eQBrRz1i https://t.co/7NBvluSTqO
@CERTpy
5 Jun 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-31650/31651 Patched! openSUSE 15.6 Tomcat 10.1.40 update is LIVE. ▶️ zypper in -t patch openSUSE-SLE-15.6-2025-1537=1 Details: 👉 https://t.co/a96scqdMqe #LinuxSecurity https://t.co/0SoBLUqvhb
@Cezar_H_Linux
13 May 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat vulnerabilities CVE-2025-31650/31651 FIXED: risk of DoS and rule bypass https://t.co/qd4baOiT2c New vulnerabilities have been discovered in Apache Tomcat. Note that in the same tool, since March, exploitation of a separate vulnerability, CVE-2025-24813, has…
@iototsecnews
12 May 2025
289 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
1 Quote
[CVE-2025-31650, CVE-2025-31651] Recommendation to update to the latest stable release "Tomcat 11.0.6", which includes fixes for two serious vulnerabilities https://t.co/z0dDhgH2sz via @nikkeimatome
@nikkeimatome
9 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[JVNVU#93256936] Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/spHVEWtXLC #jvn #脆弱性 #セキュリティ
@jpsecuritynews
9 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVNVU#93256936 Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/ATFp9a3QiB If you use it, please take action promptly.
@Syynya
8 May 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVNVU#93256936: Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/jtIzMisJnV
@Luke06121
8 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVN: Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/ce5RtazJ4l
@AileenWoodstock
8 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-31650] Serious DoS vulnerability in Apache Tomcat: a memory leak issue poses a risk of service outage – / XEXEQ https://t.co/OQbwWkxswC
@01ra66it
8 May 2025
934 Impressions
3 Retweets
13 Likes
1 Bookmark
0 Replies
0 Quotes
[Published 2025/05/08 10:00] Multiple vulnerabilities in Apache Tomcat (CVE-2025-31650, CVE-2025-31651) https://t.co/zu1zoiNG7t
@jvnjp
8 May 2025
269 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-31650: High-severity Tomcat DoS flaw lets attackers crash servers via malformed HTTP Priority headers. Affected: 9.0.76–9.0.102 10.1.10–10.1.39 11.0.0-M2–11.0.5 Fix: Upgrade to 9.0.104+/10.1.40+/11.0.6+. ⚠ Exploitable remotely! #PatchNow #CyberSecurity h
@NullShadowX0
2 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31650 : TomcatKiller, a tool designed to detect the CVE-2025-31650 vulnerability in Apache Tomcat (versions 10.1.10 to 10.1.39) https://t.co/mdfx2I4WMf https://t.co/Eg5UvlOUVO
@freedomhack101
2 May 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31650 : TomcatKiller, a tool designed to detect the CVE-2025-31650 vulnerability in Apache Tomcat (versions 10.1.10 to 10.1.39) https://t.co/Tb9RfNX4Dk https://t.co/OibjmunHxw
@elhackernet
1 May 2025
2556 Impressions
13 Retweets
44 Likes
11 Bookmarks
0 Replies
0 Quotes
GitHub - absholi7ly/TomcatKiller-CVE-2025-31650: A tool designed to detect the vulnerability **CVE-2025-31650** in Apache Tomcat (versions 10.1.10 to 10.1.39) - https://t.co/GstUbdQwe6
@piedpiper1616
30 Apr 2025
2767 Impressions
22 Retweets
76 Likes
39 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/hCrWJgiraj 🚨Apache Tomcat Alert🚨 CVE-2025-31650: Attackers can bypass rules & CRASH servers with a crafty DoS attack! Malformed HTTP headers exploit a memory leak, triggering OutOfMemory chaos. 🔥PoC fr
@zoomeye_team
30 Apr 2025
673 Impressions
3 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/hCrWJgiraj 🚨Apache Tomcat Alert🚨 CVE-2025-31650: Attackers can bypass rules & CRASH servers with a crafty DoS attack! Malformed HTTP headers exploit a memory leak, triggering OutOfMemory chaos. 🔥PoC: h
@zoomeye_team
30 Apr 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Poc: CVE-2025-31650 Denial of Service via Invalid HTTP Prioritization Header ( #Apache #Tomcat ) https://t.co/cpES5szeWI https://t.co/RIbSD2y838
@absholi7ly
30 Apr 2025
135 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilities in Apache Tomcat ❗CVE-2025-31650 ❗CVE-2025-31651 ➡️More info: https://t.co/t8hU9AY3cz https://t.co/K85gRf1v9V
@CERTpy
29 Apr 2025
125 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Advisory to install patches for Apache Tomcat security vulnerabilities (CVE-2025-31650, CVE-2025-31651) https://t.co/kdW3HaBWoS
@virusmyths
29 Apr 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious vulnerability (CVE-2025-31650) has been discovered in Apache Tomcat, and there is a danger that attackers could abuse the HTTP Priority header to carry out a DoS (denial of service) attack. It could cause a memory leak and crash the server, with the risk…
@yousukezan
29 Apr 2025
7731 Impressions
45 Retweets
117 Likes
39 Bookmarks
0 Replies
1 Quote
🚨Alert🚨 CVE-2025-31650: Denial of Service via Invalid HTTP Prioritization Header & CVE-2025-31651: Rewrite Rule Bypass 📊10.6M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Pf8A56s3ZW 👇Query HUNTER : https://t.co/q9rtuGgxk7
@HunterMapping
29 Apr 2025
2996 Impressions
31 Retweets
75 Likes
25 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Security Update Fixes DoS and Rewrite Rule Bypass Flaws Apache Tomcat patches CVE-2025-31650 and CVE-2025-31651 to fix denial of service and rewrite rule bypass issues. Upgrade now to stay secure. https://t.co/WPVQNtl8bT
@the_yellow_fall
29 Apr 2025
288 Impressions
3 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the faile… https://t.co/UuMd7jjgYN
@CVEnew
28 Apr 2025
423 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F4F87EB-0046-4BAA-91C8-C60C60425186",
"versionEndExcluding": "9.0.104",
"versionStartIncluding": "9.0.76"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EC8AA6F-0BB4-4075-8F2B-DE39FD9A2BD8",
"versionEndExcluding": "10.1.40",
"versionStartIncluding": "10.1.10"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45AB4386-DB38-4808-924A-617CECE9F939",
"versionEndExcluding": "11.0.6",
"versionStartIncluding": "11.0.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7914D26B-CBD6-4846-9BD3-403708D69319"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "123C6285-03BE-49FC-B821-8BDB25D02863"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "069B0D8E-8223-4C4E-A834-C6235D6C3450"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6282085-5716-4874-B0B0-180ECDEE128F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"
}
],
"operator": "OR"
}
]
}
]