CVE-2025-31650
HIGHCVSS v3
7.5
HIGH
EPSS Score
15.6%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
Technical Details
- Published
- 4/28/2025
- Exploit-DB
- EDB-52318
Frequently Asked Questions
What is CVE-2025-31650?
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
Is CVE-2025-31650 actively exploited?
Active exploitation of CVE-2025-31650 has not been confirmed. The EPSS score is 15.6%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-31650?
CVE-2025-31650 has a CVSS v3 base score of 7.5 (HIGH severity).
Is CVE-2025-31650 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.