Vulnerability-Lookup

CNVD-2025-31393

Vulnerability from cnvd - Published: 2025-12-24

Title

Apache Tomcat资源管理错误漏洞（CNVD-2025-31393）

Description

Apache Tomcat是美国阿帕奇（Apache）基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page（JSP）的支持。 Apache Tomcat存在资源管理错误漏洞，该漏洞源于资源关闭或释放不当，攻击者可利用该漏洞导致拒绝服务攻击。

Severity

中

Patch Name

Apache Tomcat资源管理错误漏洞（CNVD-2025-31393）的补丁

Patch Description

Apache Tomcat是美国阿帕奇（Apache）基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page（JSP）的支持。 Apache Tomcat存在资源管理错误漏洞，该漏洞源于资源关闭或释放不当，攻击者可利用该漏洞导致拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tomcat.apache.org/

Reference

https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp

Impacted products

Name
['Apache Tomcat >=11.0.0-M1，<=11.0.11', 'Apache Tomcat >=10.1.0-M1，<=10.1.46', 'Apache Tomcat >=9.0.0.M1，<=9.0.109', 'Apache Tomcat >=8.5.0，<=8.5.100']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-61795",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
    }
  },
  "description": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\u3002\u7528\u4e8e\u5b9e\u73b0\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\u3002\n\nApache Tomcat\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8d44\u6e90\u5173\u95ed\u6216\u91ca\u653e\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tomcat.apache.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-31393",
  "openTime": "2025-12-24",
  "patchDescription": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\u3002\u7528\u4e8e\u5b9e\u73b0\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\u3002\r\n\r\nApache Tomcat\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8d44\u6e90\u5173\u95ed\u6216\u91ca\u653e\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Tomcat\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-31393\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Tomcat \u003e=11.0.0-M1\uff0c\u003c=11.0.11",
      "Apache Tomcat \u003e=10.1.0-M1\uff0c\u003c=10.1.46",
      "Apache Tomcat \u003e=9.0.0.M1\uff0c\u003c=9.0.109",
      "Apache Tomcat \u003e=8.5.0\uff0c\u003c=8.5.100"
    ]
  },
  "referenceLink": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
  "serverity": "\u4e2d",
  "submitTime": "2025-10-31",
  "title": "Apache Tomcat\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-31393\uff09"
}

CVE-2025-61795 (GCVE-0-2025-61795)

Vulnerability from cvelistv5 – Published: 2025-10-27 17:30 – Updated: 2025-11-04 21:14

Title

Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS

Summary

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-404 - Improper Resource Shutdown or Release

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/wm9mx8brmx9g4zpyw…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.11 (semver) Affected: 10.1.0-M1 , ≤ 10.1.46 (semver) Affected: 9.0.0.M1 , ≤ 9.0.109 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver)

Credits

sw0rd1ight (https://github.com/sw0rd1ight)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-27T18:48:52.755946Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-27T18:48:55.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:14:10.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/27/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.11",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.46",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.109",
              "status": "affected",
              "version": "9.0.0.M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "unknown",
              "version": "3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "sw0rd1ight (https://github.com/sw0rd1ight)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Resource Shutdown or Release vulnerability in Apache Tomcat.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\u003c/p\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "CWE-404 Improper Resource Shutdown or Release",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T11:37:45.872Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-61795",
    "datePublished": "2025-10-27T17:30:28.334Z",
    "dateReserved": "2025-10-01T09:20:53.155Z",
    "dateUpdated": "2025-11-04T21:14:10.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-31393

CVE-2025-61795 (GCVE-0-2025-61795)

Tags

Sightings

Nomenclature