Multiple Vulnerabilities in Apache Tomcat Software
30 April 2025
The Apache Software Foundation has released updates addressing multiple vulnerabilities affecting their Apache Tomcat software. Users and administrators of affected products are advised to update to the latest versions immediately.
The Apache Software Foundation has released updates addressing multiple vulnerabilities (CVE-2025-31650 and CVE-2025-31651) affecting their Apache Tomcat software.
The vulnerabilities are:
CVE-2025-31650: Successful exploitation of the improper input validation vulnerability could allow an attacker to send a large number of failed requests to the vulnerable software to conduct a denial-of-service attack.
CVE-2025-31651: Successful exploitation of the vulnerability could allow an attacker to send maliciously crafted requests to modify configuration rules and gain access to the application.
The vulnerabilities affect the following product versions:
Apache Tomcat versions 11.0.0-M2 to 11.0.5
Apache Tomcat versions 10.1.10 to 10.1.39
Apache Tomcat versions 9.0.76 to 9.0.102
Users and administrators of affected products are advised to update to the latest versions.
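An added example, not part of the advisory or of Apache's own tooling: a Python check that compares a Tomcat version against the affected ranges listed above numerically rather than as strings, with milestone builds ordered before the final release. The host names and inventory are constructed, and the banner format assumed is the `Server version: Apache Tomcat/x.y.z` line printed by Tomcat's `version.sh`.

```python
import re

# Affected ranges copied from this advisory; both bounds are inclusive.
AFFECTED = [("11.0.0-M2", "11.0.5"), ("10.1.10", "10.1.39"), ("9.0.76", "9.0.102")]
FINAL = 10**6  # a final release sorts after every milestone (-M1, -M2, ...) of x.y.z

def parse_version(text):
    """Turn '11.0.0-M2' or '9.0.98' into a tuple that compares numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    milestone = int(m.group(4)) if m.group(4) else FINAL
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), milestone)

def is_affected(version):
    # Tuple comparison avoids the string-ordering trap ("9.0.102" < "9.0.76" as text).
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def version_from_banner(output):
    """Pull x.y.z out of the 'Server version: Apache Tomcat/x.y.z' line."""
    m = re.search(r"Server version:\s*Apache Tomcat/(\S+)", output)
    return m.group(1) if m else None

def triage(inventory):
    """Map each host to 'AFFECTED', 'not in listed ranges' or 'unknown'."""
    result = {}
    for host, output in inventory.items():
        version = version_from_banner(output)
        try:
            hit = is_affected(version) if version else None
        except ValueError:
            hit = None
        result[host] = {True: "AFFECTED", False: "not in listed ranges", None: "unknown"}[hit]
    return result

# Constructed sample: host names and captured banner text are invented for illustration.
SAMPLE_INVENTORY = {
    "app01": "Server version: Apache Tomcat/9.0.98\nServer number:  9.0.98.0",
    "app02": "Server version: Apache Tomcat/10.1.9\nServer number:  10.1.9.0",
    "app03": "Server version: Apache Tomcat/11.0.0-M2\nServer number:  11.0.0.0",
    "app04": "Server version: Apache Tomcat/8.5.100\nServer number:  8.5.100.0",
    "app05": "connection refused",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "not in listed ranges" means only that the version falls outside the ranges this advisory lists; "unknown" hosts need a manual check.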
More information is available here:
https://nvd.nist.gov/vuln/detail/CVE-2025-31650
https://nvd.nist.gov/vuln/detail/CVE-2025-31651
https://tomcat.apache.org/security-9.html
https://www.tenable.com/cve/CVE-2025-31650
https://www.tenable.com/cve/CVE-2025-31651