Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in Apache Tomcat Software
Alerts

Multiple Vulnerabilities in Apache Tomcat Software

30 April 2025

The Apache Software Foundation has released updates addressing multiple vulnerabilities affecting their Apache Tomcat software. Users and administrators of affected products are advised to update to the latest versions immediately.

The Apache Software Foundation has released updates addressing multiple vulnerabilities (CVE-2025-31650 and CVE-2025-31651) affecting their Apache Tomcat software. 

The vulnerabilities are:

  • CVE-2025-31650: Successful exploitation of the improper input validation vulnerability could allow an attacker to send a large number of failed requests to the vulnerable software to conduct a denial-of-service attack.

  • CVE-2025-31651: Successful exploitation of the vulnerability could allow an attacker to send maliciously crafted requests to modify configuration rules and gain access to the application.

The vulnerabilities affect the following product:

  • Apache Tomcat versions 11.0.0-M2 to 11.0.5

  • Apache Tomcat versions 10.1.10 to 10.1.39 

  • Apache Tomcat versions 9.0.76 to 9.0.102

Users and administrators of affected products are advised to update to the latest versions.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2025-31650

https://nvd.nist.gov/vuln/detail/CVE-2025-31651

https://tomcat.apache.org/security-9.html

https://www.tenable.com/cve/CVE-2025-31650

https://www.tenable.com/cve/CVE-2025-31651


Back to top