PT-2025-50883 · Tornado+3

Finder16

Published: 2025-12-12 · Updated: 2026-04-11 · CVE-2025-67724

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Tornado versions 6.5.2 and below
Description: Tornado, a Python web framework and asynchronous networking library, has an issue where the reason phrase supplied to functions such as RequestHandler.set_status and tornado.web.HTTPError is used without proper escaping. This can lead to header injection when the phrase is written into HTTP headers and to cross-site scripting (XSS) when it is displayed in the default error page's HTML. The reason argument is intended for custom HTTP status phrases. Exploitation involves providing untrusted or malicious data as the reason argument.
Recommendations: Versions prior to 6.5.3 should be updated to version 6.5.3 or later.
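The description names two sinks for the reason phrase: the HTTP status line and headers (where CR/LF lets an attacker add headers) and the HTML error page (where unescaped text becomes XSS). The following is an added, stand-alone illustration of the defensive check an application can apply before handing a client-influenced value to `set_status`; it is not Tornado's own code and does not reproduce the 6.5.3 fix. The names `validate_reason`, `status_line` and `error_page` are hypothetical, `tornado` is not imported, and the grammar used is the RFC 9112 reason-phrase (`HTAB / SP / VCHAR / obs-text`).

```python
import html
import re

# RFC 9112 reason-phrase = *( HTAB / SP / VCHAR / obs-text )
# VCHAR is 0x21-0x7E, obs-text is 0x80-0xFF. CR and LF are never allowed,
# so a phrase passing this check cannot terminate the status line early.
_REASON_RE = re.compile(r"^[\t \x21-\x7e\x80-\xff]*$")


class UnsafeReasonPhrase(ValueError):
    """Raised when a reason phrase could break the status line or headers."""


def validate_reason(reason: str) -> str:
    """Return the phrase unchanged if it is safe for the status line.

    Hypothetical helper: in an application this would wrap any call that
    forwards user-influenced text to set_status()/HTTPError(reason=...).
    """
    if "\r" in reason or "\n" in reason:
        raise UnsafeReasonPhrase("CR/LF in reason phrase (header injection)")
    if not _REASON_RE.match(reason):
        raise UnsafeReasonPhrase("reason phrase outside RFC 9112 grammar")
    return reason


def status_line(code: int, reason: str) -> str:
    """Build the HTTP/1.1 status line with a validated reason phrase."""
    return f"HTTP/1.1 {code} {validate_reason(reason)}\r\n"


def unescaped_error_page(code: int, reason: str) -> str:
    """The failure mode the advisory describes (shown for contrast only):
    the reason phrase is interpolated into HTML verbatim."""
    return f"<html><title>{code}: {reason}</title><body>{code}: {reason}</body></html>"


def error_page(code: int, reason: str) -> str:
    """Hardened form: a phrase that is valid on the status line may still
    contain '<', '>' or quotes, so the HTML context needs its own escaping."""
    safe = html.escape(reason, quote=True)
    return f"<html><title>{code}: {safe}</title><body>{code}: {safe}</body></html>"


if __name__ == "__main__":
    # Constructed inputs: a normal phrase, a CR/LF-bearing one, an HTML one.
    print(status_line(404, "Not Found").rstrip())
    for bad in ("OK\r\nX-Injected: 1", "<script>alert(1)</script>"):
        try:
            print("status line accepted:", status_line(200, bad).rstrip())
        except UnsafeReasonPhrase as exc:
            print("rejected for status line:", exc)
        print("error page:", error_page(500, bad))
```

Note that the two contexts need different controls: the status-line check rejects CR/LF outright, while the HTML sink escapes rather than rejects, because `<script>` is a legal reason phrase at the HTTP layer. Upgrading to 6.5.3 remains the primary fix; this check is defence in depth for code paths that deliberately accept a custom phrase.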

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

AZL-72371
AZL-72377
CVE-2025-67724
GHSA-PR2V-JX2C-WG9F
MGASA-2026-0092
OESA-2026-1903
OPENSUSE-SU-2025:15838-1
OPENSUSE-SU-2026:10110-1
OPENSUSE-SU-2026:20015-1
OPENSUSE-SU-2026:20412-1
SUSE-SU-2026:0010-1
SUSE-SU-2026:0625-1
SUSE-SU-2026:0626-1
SUSE-SU-2026:0627-1
SUSE-SU-2026:0629-1
SUSE-SU-2026:0631-1
SUSE-SU-2026:0838-1
SUSE-SU-2026:1012-1
SUSE-SU-2026:1014-1
SUSE-SU-2026:1026-1
SUSE-SU-2026:1027-1
SUSE-SU-2026:1028-1
SUSE-SU-2026:1029-1
SUSE-SU-2026:1030-1
SUSE-SU-2026:1140-1
SUSE-SU-2026:1141-1
SUSE-SU-2026:1142-1
SUSE-SU-2026:1146-1
SUSE-SU-2026:1148-1
SUSE-SU-2026:1149-1
SUSE-SU-2026:1162-1
SUSE-SU-2026:20007-1
SUSE-SU-2026:20028-1
SUSE-SU-2026:20043-1
SUSE-SU-2026:20071-1
SUSE-SU-2026:20820-1
SUSE-SU-2026:20825-1
USN-7950-1

Affected Products

Debian
Linuxmint
Tornado
Ubuntu