PT-2025-28238 · Apache · Apache Tomcat

12Sqwer

+3

Published: 2025-01-01 · Updated: 2026-05-18 · CVE-2025-52434

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.106
Description: A race condition exists due to concurrent execution using a shared resource with improper synchronization when using the APR/Native connector. This issue is particularly noticeable with client-initiated closes of HTTP/2 connections.
Recommendations: Upgrade to version 9.0.107 to resolve the issue.

Fix

DoS

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2025:14177
ALSA-2025:14178
ALSA-2025:14181
ALT-PU-2025-13135
BDU:2025-08954
BIT-TOMCAT-2025-52434
CESA-2025_14177
CVE-2025-52434
DLA-4244-1
GHSA-4J3C-42XV-3F84
INFSA-2025_14177
INFSA-2025_14181
MGASA-2025-0223
OESA-2025-1892
OESA-2025-1893
OESA-2025-1894
OESA-2025-1895
OESA-2025-1896
OESA-2025-1897
OPENSUSE-SU-2025:15440-1
RHSA-2025:11695
RHSA-2025:14177
RHSA-2025:14178
RHSA-2025:14180
RHSA-2025:14181
RHSA-2025:14182
RHSA-2025:14183
RHSA-2025_14177
RHSA-2025_14181
SUSE-SU-2025:03024-1
SUSE-SU-2025_03024-1
SUSE-SU-2026:1058-1

Affected Products

ALT Linux
AlmaLinux
Apache Tomcat
Astra Linux
Bamboo
Bitbucket
CentOS
Debian
Red Hat
RED OS
Rocky Linux
SUSE