Multiple Vulnerabilities in Apache Tomcat Software

The Apache Software Foundation has released updates addressing multiple vulnerabilities (CVE-2025-31650 and CVE-2025-31651) affecting their Apache Tomcat software. 

The vulnerabilities are:

• CVE-2025-31650: Successful exploitation of the improper input validation vulnerability could allow an attacker to send a large number of failed requests to the vulnerable software to conduct a denial-of-service attack.

• CVE-2025-31651: Successful exploitation of the vulnerability could allow an attacker to send maliciously crafted requests to modify configuration rules and gain access to the application.

The vulnerabilities affect the following product:

• Apache Tomcat versions 11.0.0-M2 to 11.0.5

• Apache Tomcat versions 10.1.10 to 10.1.39 

• Apache Tomcat versions 9.0.76 to 9.0.102

Users and administrators of affected products are advised to update to the latest versions.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2025-31650

https://nvd.nist.gov/vuln/detail/CVE-2025-31651

https://tomcat.apache.org/security-9.html

https://www.tenable.com/cve/CVE-2025-31650

https://www.tenable.com/cve/CVE-2025-31651