PT-2025-44001 · Apache · Apache Tomcat

Sw0Rd1Ight · Published 2025-10-07 · Updated 2025-10-30 · CVE-2025-61795

CVSS v3.1: 5.3
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 8.5.0 through 8.5.100
Apache Tomcat versions 9.0.0.M1 through 9.0.109
Apache Tomcat versions 10.1.0-M1 through 10.1.46
Apache Tomcat versions 11.0.0-M1 through 11.0.11

Description

An issue exists in Apache Tomcat related to improper resource shutdown or release. During a multipart upload, if an error occurs, temporary files created to store the uploaded parts are not immediately deleted, potentially leading to a denial-of-service (DoS) condition. This can occur if the Java garbage collection process cannot clear the temporary files quickly enough, especially under high load or with specific JVM settings.

Recommendations

Upgrade to Apache Tomcat version 11.0.12 or later.
Upgrade to Apache Tomcat version 10.1.47 or later.
Upgrade to Apache Tomcat version 9.0.110 or later.
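
An added example, not part of the advisory or of Apache Tomcat: a triage helper that checks Tomcat version strings, including milestone forms such as 9.0.0.M1 and 10.1.0-M1, against the affected ranges and fixed releases listed above. The function names, host names and sample inventory are constructed for illustration.

```python
import re

# Affected ranges and fixed releases as listed in this advisory.
# No fixed 8.5.x release is named there, so that entry is None.
AFFECTED = [
    ("8.5.0", "8.5.100", None),
    ("9.0.0.M1", "9.0.109", "9.0.110"),
    ("10.1.0-M1", "10.1.46", "10.1.47"),
    ("11.0.0-M1", "11.0.11", "11.0.12"),
]

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")
_RELEASE = float("inf")  # a final release sorts after its own milestones


def parse(version):
    """Turn '9.0.0.M1', '10.1.0-M1' or '11.0.11' into a comparable tuple."""
    m = _VERSION.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else _RELEASE)


def check(version):
    """Return (in_listed_range, fixed_release_or_None) for one version."""
    v = parse(version)
    for low, high, fixed in AFFECTED:
        if parse(low) <= v <= parse(high):
            return True, fixed
    return False, None


def triage(inventory):
    """Map each host in {host: version} to its check() result."""
    return {host: check(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names are hypothetical.
    sample = {"app-01": "9.0.109", "app-02": "10.1.47",
              "app-03": "11.0.0-M5", "legacy-01": "8.5.100"}
    for host, (hit, fixed) in triage(sample).items():
        target = fixed or "a branch with a listed fix"
        status = f"in affected range, upgrade to {target}" if hit else "outside listed ranges"
        print(f"{host}: {status}")
```

A result of "outside listed ranges" only means the version is not in the ranges this advisory names; it says nothing about branches the advisory does not mention.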

Fix

DoS

Improper Resource Release

Weakness Enumeration

Related Identifiers: CVE-2025-61795

Affected Products: Apache Tomcat