CVE-2025-31650
Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-03-31 CVE Reserved
- 2025-04-28 CVE Published
- 2025-04-30 First Exploit
- 2025-05-06 CVE Updated
- 2025-05-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-459: Incomplete Cleanup
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2025/04/28/2 |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/absholi7ly/TomcatKiller-CVE-2025-31650 | 2025-04-30 | |
| https://github.com/tunahantekeoglu/CVE-2025-31650 | 2025-04-30 | |
| https://github.com/sattarbug/Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool | 2025-05-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826 | 2025-04-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Tomcat Search vendor "Apache Software Foundation" for product "Apache Tomcat" | >= 9.0.76 <= 9.0.102 Search vendor "Apache Software Foundation" for product "Apache Tomcat" and version " >= 9.0.76 <= 9.0.102" | en |
Affected
| ||||||
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Tomcat Search vendor "Apache Software Foundation" for product "Apache Tomcat" | >= 10.1.10 <= 10.1.39 Search vendor "Apache Software Foundation" for product "Apache Tomcat" and version " >= 10.1.10 <= 10.1.39" | en |
Affected
| ||||||
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Tomcat Search vendor "Apache Software Foundation" for product "Apache Tomcat" | >= 11.0.0-M2 <= 11.0.5 Search vendor "Apache Software Foundation" for product "Apache Tomcat" and version " >= 11.0.0-M2 <= 11.0.5" | en |
Affected
| ||||||