PT-2025-28239 · Apache · Apache Tomcat

Saravana Kumar · Published 2025-01-01 · Updated 2026-03-26 · CVE-2025-52520

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:
Apache Tomcat versions 11.0.0-M1 through 11.0.8
Apache Tomcat versions 10.1.0-M1 through 10.1.42
Apache Tomcat versions 9.0.0.M1 through 9.0.106

Description: An integer overflow issue in Apache Tomcat, under specific multipart upload configurations, may allow a denial-of-service (DoS) attack by bypassing size limits.

Recommendations:
Upgrade to Apache Tomcat version 11.0.9.
Upgrade to Apache Tomcat version 10.1.43.
Upgrade to Apache Tomcat version 9.0.107.

Fix · DoS · Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2025:14177
ALSA-2025:14178
ALSA-2025:14181
ALT-PU-2025-13135
BDU:2025-08953
BIT-TOMCAT-2025-52520
CESA-2025_14177
CVE-2025-52520
DLA-4244-1
GHSA-WR62-C79Q-CV37
INFSA-2025_14177
INFSA-2025_14181
MGASA-2025-0223
OESA-2025-1892
OESA-2025-1893
OESA-2025-1894
OESA-2025-1895
OESA-2025-1896
OESA-2025-1897
OPENSUSE-SU-2025:15440-1
OPENSUSE-SU-2025:15441-1
OPENSUSE-SU-2025:15442-1
RHSA-2025:11695
RHSA-2025:13685
RHSA-2025:14177
RHSA-2025:14178
RHSA-2025:14179
RHSA-2025:14180
RHSA-2025:14181
RHSA-2025:14182
RHSA-2025:14183
RHSA-2025_14177
RHSA-2025_14181
SUSE-SU-2025:02745-1
SUSE-SU-2025:02978-1
SUSE-SU-2025:02979-1
SUSE-SU-2025:03024-1
SUSE-SU-2025_02745-1
SUSE-SU-2025_02978-1
SUSE-SU-2025_02979-1
SUSE-SU-2025_03024-1
SUSE-SU-2026:1058-1

Affected Products

Alt Linux
Almalinux
Apache Tomcat
Astra Linux
Bamboo
Bitbucket
Centos
Debian
Red Hat
Red Os
Rocky Linux
Suse