CVE-2025-31650

Published Apr 28, 2025

Last updated 3 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-31650 is an improper input validation vulnerability in Apache Tomcat. The vulnerability arises from incorrect error handling of invalid HTTP priority headers, leading to incomplete cleanup of failed requests and a memory leak. By sending a large number of requests with malformed HTTP priority headers, an attacker can trigger an OutOfMemoryException, resulting in a denial-of-service (DoS) condition. This affects Apache Tomcat versions 9.0.76 through 9.0.102, 10.1.10 through 10.1.39, and 11.0.0-M2 through 11.0.5. Users are advised to upgrade to versions 9.0.104, 10.1.40, or 11.0.6 to mitigate the risk.
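A triage helper added here (it is not Intruder's or Apache's code): the affected ranges and first fixed releases quoted above, encoded so a fleet inventory can be checked. The one non-obvious part is ordering, since 11.0.0-M2 is a milestone that precedes the 11.0.0 GA release, so a plain dotted-version compare misplaces it. The example assumes version strings in Tomcat's own form, e.g. `9.0.80` or `11.0.0-M2`, optionally prefixed with `Apache Tomcat/` as the default error page prints it; branches the advisory does not list (such as 8.5.x or 10.0.x) get None rather than a verdict, because this page says nothing about them. The inventory in `__main__` is constructed sample data.

```python
import re
from typing import Optional, Tuple

# Affected ranges (inclusive) and first fixed release per branch, as stated
# in the advisory text on this page.
AFFECTED = {
    "9.0":  (("9.0.76", "9.0.102"), "9.0.104"),
    "10.1": (("10.1.10", "10.1.39"), "10.1.40"),
    "11.0": (("11.0.0-M2", "11.0.5"), "11.0.6"),
}

# Accepts "9.0.80", "11.0.0-M2", or "Apache Tomcat/9.0.80" (error-page banner).
_VER = re.compile(r"^(?:Apache Tomcat/)?(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_GA = 10**6  # sentinel so a GA release sorts after every milestone of itself


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """Turn a Tomcat version string into a sortable tuple.

    Milestones (-Mn) must sort before the GA release with the same
    major.minor.patch, so the fourth element is n for a milestone and a
    large sentinel for GA.
    """
    m = _VER.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone is not None else _GA)


def is_affected(v: str) -> Optional[bool]:
    """True if v is inside an affected range, False if it is on a listed
    branch but outside the range, None if the advisory does not cover the
    branch at all (no verdict can be drawn from this page)."""
    t = parse_version(v)
    entry = AFFECTED.get(f"{t[0]}.{t[1]}")
    if entry is None:
        return None
    (low, high), _fixed = entry
    return parse_version(low) <= t <= parse_version(high)


def first_fixed(v: str) -> Optional[str]:
    """First release on v's branch that carries the fix, or None."""
    t = parse_version(v)
    entry = AFFECTED.get(f"{t[0]}.{t[1]}")
    return entry[1] if entry else None


if __name__ == "__main__":
    # Constructed sample inventory, e.g. scraped from error-page banners.
    inventory = ["Apache Tomcat/9.0.80", "10.1.39", "10.1.40",
                 "11.0.0-M1", "11.0.0-M2", "11.0.0", "8.5.100"]
    for v in inventory:
        verdict = is_affected(v)
        if verdict is None:
            print(f"{v:24} not covered by this advisory")
        elif verdict:
            print(f"{v:24} AFFECTED, upgrade to {first_fixed(v)}")
        else:
            print(f"{v:24} not in affected range")
```

Note that the milestone handling only matters for the 11.0 branch here, but it is the kind of detail a generic semver comparator gets wrong silently, reporting 11.0.0-M5 as not affected because it does not parse.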

Description
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
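The description above attributes the leak to a failed request not being fully cleaned up after an invalid HTTP priority header. The Python below is an added illustration of that bug class and is not Apache Tomcat's code: a parser for the Priority header field as defined in RFC 9218 (a Structured Fields dictionary with keys `u` and `i`), which follows the RFC in ignoring unknown keys and wrong-typed or out-of-range values but raises on malformed syntax, and a constructed per-connection stream table that shows how registering a stream before the header is parsed, with nothing removing it on the error path, leaks one entry per rejected request, beside the variant that completes the clean-up. The `StreamTable` class, the malformed sample value `u=3,,` and the choice of which inputs count as syntax errors are assumptions of this example, not details of the Tomcat fix; the parser also simplifies Structured Fields by not supporting quoted strings containing commas.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Priority:
    urgency: int = 3            # RFC 9218 default for 'u'
    incremental: bool = False   # RFC 9218 default for 'i'


# One Structured Fields dictionary member: key[=value][;params]. Keys are
# lowercase tokens; anything else is a syntax error for the whole field.
_MEMBER = re.compile(r"^([a-z*][a-z0-9_\-.*]*)(?:=([^\s;,]+))?(?:;[^,]*)?$")
_INTEGER = re.compile(r"^-?\d{1,15}$")


def parse_priority(value: str) -> Priority:
    """Parse a Priority header field value.

    Per RFC 9218 section 4, unknown keys, wrong-typed values and urgency
    outside 0..7 are ignored so the defaults apply. Malformed syntax raises
    ValueError: that is the failure path a server must clean up after.
    """
    urgency, incremental = 3, False
    if value.strip() == "":
        return Priority(urgency, incremental)
    for member in value.split(","):
        m = _MEMBER.match(member.strip())
        if not m:
            raise ValueError(f"malformed Priority member: {member!r}")
        key, raw = m.group(1), m.group(2)
        if key == "u":
            if raw is not None and _INTEGER.match(raw) and 0 <= int(raw) <= 7:
                urgency = int(raw)
        elif key == "i":
            if raw is None or raw == "?1":   # a bare key is boolean true
                incremental = True
            elif raw == "?0":
                incremental = False
        # any other key is ignored, as the RFC requires
    return Priority(urgency, incremental)


def is_malformed(value: str) -> bool:
    """True if parse_priority rejects the value outright."""
    try:
        parse_priority(value)
        return False
    except ValueError:
        return True


class StreamTable:
    """Constructed stand-in for a server's per-connection map of open streams."""

    def __init__(self) -> None:
        self.active: dict = {}

    def open_leaky(self, stream_id: int, header: str) -> Priority:
        # Bug pattern: register first, and let the error path skip removal,
        # so every rejected request leaves its entry behind for the
        # connection's lifetime.
        self.active[stream_id] = Priority()
        prio = parse_priority(header)        # raises on malformed input
        self.active[stream_id] = prio
        return prio

    def open_fixed(self, stream_id: int, header: str) -> Priority:
        self.active[stream_id] = Priority()
        try:
            prio = parse_priority(header)
        except ValueError:
            del self.active[stream_id]       # finish clean-up before failing
            raise
        self.active[stream_id] = prio
        return prio


def leaked_after(bad_requests: int, fixed: bool) -> int:
    """Feed `bad_requests` malformed headers to a fresh table and return how
    many entries survive. The leaky path grows without bound."""
    table = StreamTable()
    opener = table.open_fixed if fixed else table.open_leaky
    for stream_id in range(1, 2 * bad_requests, 2):   # client streams are odd
        try:
            opener(stream_id, "u=3,,")                 # constructed bad value
        except ValueError:
            pass                                       # request rejected, move on
    return len(table.active)


if __name__ == "__main__":
    print(parse_priority("u=1, i"))
    print("leaky:", leaked_after(10_000, fixed=False),
          "fixed:", leaked_after(10_000, fixed=True))
```

The point the example makes is structural rather than about the parser: a header that is rejected early still needs the same teardown as one that fails late, and an attacker who can trigger the early failure cheaply gets to repeat it as often as the connection and rate limits allow.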
Source
security@apache.org
NVD status
Awaiting Analysis

Weaknesses

security@apache.org
CWE-20

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

9

  1. CVE-2025-31650 : TomcatKiller. A tool designed to detect the vulnerability CVE-2025-31650 in Apache Tomcat (versions 10.1.10 to 10.1.39) https://t.co/Tb9RfNX4Dk https://t.co/OibjmunHxw

    @elhackernet

    1 May 2025

    2040 Impressions

    10 Retweets

    24 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  2. GitHub - absholi7ly/TomcatKiller-CVE-2025-31650: A tool designed to detect the vulnerability **CVE-2025-31650** in Apache Tomcat (versions 10.1.10 to 10.1.39) - https://t.co/GstUbdQwe6

    @piedpiper1616

    30 Apr 2025

    2767 Impressions

    22 Retweets

    76 Likes

    39 Bookmarks

    0 Replies

    0 Quotes

  3. ⚡️The vulnerability details are now available: https://t.co/hCrWJgiraj 🚨Apache Tomcat Alert🚨 CVE-2025-31650: Attackers can bypass rules & CRASH servers with a crafty DoS attack! Malformed HTTP headers exploit a memory leak, triggering OutOfMemory chaos. 🔥PoC fr

    @zoomeye_team

    30 Apr 2025

    673 Impressions

    3 Retweets

    15 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. ⚡️The vulnerability details are now available: https://t.co/hCrWJgiraj 🚨Apache Tomcat Alert🚨 CVE-2025-31650: Attackers can bypass rules & CRASH servers with a crafty DoS attack! Malformed HTTP headers exploit a memory leak, triggering OutOfMemory chaos. 🔥PoC: h

    @zoomeye_team

    30 Apr 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨Poc: CVE-2025-31650 Denial of Service via Invalid HTTP Prioritization Header ( #Apache #Tomcat ) https://t.co/cpES5szeWI https://t.co/RIbSD2y838

    @absholi7ly

    30 Apr 2025

    135 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚠️Vulnerabilities in Apache Tomcat ❗CVE-2025-31650 ❗CVE-2025-31651 ➡️More info: https://t.co/t8hU9AY3cz https://t.co/K85gRf1v9V

    @CERTpy

    29 Apr 2025

    125 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Apache Tomcat security vulnerabilities (CVE-2025-31650, CVE-2025-31651): advisory to install the patches https://t.co/kdW3HaBWoS

    @virusmyths

    29 Apr 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. A serious vulnerability (CVE-2025-31650) has been discovered in Apache Tomcat; there is a danger that an attacker can abuse the HTTP Priority header to carry out a DoS (denial of service) attack. It causes a memory leak and risks crashing the server…

    @yousukezan

    29 Apr 2025

    7731 Impressions

    45 Retweets

    117 Likes

    39 Bookmarks

    0 Replies

    1 Quote

  9. 🚨Alert🚨 CVE-2025-31650: Denial of Service via Invalid HTTP Prioritization Header & CVE-2025-31651: Rewrite Rule Bypass 📊10.6M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Pf8A56s3ZW 👇Query HUNTER : https://t.co/q9rtuGgxk7

    @HunterMapping

    29 Apr 2025

    2996 Impressions

    31 Retweets

    75 Likes

    25 Bookmarks

    0 Replies

    0 Quotes

  10. Apache Tomcat Security Update Fixes DoS and Rewrite Rule Bypass Flaws Apache Tomcat patches CVE-2025-31650 and CVE-2025-31651 to fix denial of service and rewrite rule bypass issues. Upgrade now to stay secure. https://t.co/WPVQNtl8bT

    @the_yellow_fall

    29 Apr 2025

    288 Impressions

    3 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the faile… https://t.co/UuMd7jjgYN

    @CVEnew

    28 Apr 2025

    423 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes