- Description
- For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
- Source
- security@apache.org
- NVD status
- Modified
- Products
- tomcat
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security@apache.org
- CWE-190
- Hype score
- Not currently trending
CVE-2025-52520 (CVSS:7.5, HIGH) is Received. For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a..https://t.co/XsxvlcRkcG #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
15 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en Apache Tomcat y HTTP Server ❗CVE-2025-53506 ❗CVE-2025-52434 ❗CVE-2025-52520 ➡️Más info: https://t.co/U9MhlJDNxE https://t.co/nKJdkYnXTS
@CERTpy
14 Jul 2025
135 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52520 For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue… https://t.co/XKbnm1QwKQ
@CVEnew
11 Jul 2025
254 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52520 Integer Overflow in Apache Tomcat Multipart Upload Enables Potential Denial of Service https://t.co/AzM3zF0lcC
@VulmonFeeds
11 Jul 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Multiple vulnerabilities in @TheApacheTomcat can lead to Denial of Service attacks. CVE-2025-52434, CVE-2025-52520, CVE-2025-53506 with CVSS 6.6 demand urgent action. Protect your systems now! Read the advisory https://t.co/I7TVCH9xgC #Patch immediately! #Vulnerability
@CCBalert
7 Jul 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
2 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E068C4BE-B0A9-4C86-A03C-33089784EC21",
"versionEndExcluding": "9.0.107",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF8FCC4-CE15-4B52-91D8-9B90563F3F7F",
"versionEndExcluding": "10.1.43",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52667567-7D5A-40AE-8C3B-4270A4BD059C",
"versionEndExcluding": "11.0.9",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]