PT-2025-50888 · Tornado+4

Published: 2025-12-10 · Updated: 2026-04-10 · CVE-2025-67726

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Tornado versions 6.5.2 and below
Description: Tornado, a Python web framework and asynchronous networking library, is susceptible to a denial-of-service (DoS) condition. The _parseparam function in httputil.py uses an inefficient algorithm when parsing parameters in HTTP header values, specifically when handling multipart/form-data. Repeated calls to string.count() within a nested loop while processing quoted semicolons give the parse quadratic time complexity (O(n²)) on maliciously crafted parameters in a Content-Disposition header. Because Tornado runs on a single event loop, one such request can make the whole server unresponsive.
Recommendations: Update to Tornado version 6.5.3 or later.
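Added example, not Tornado's own code: a single-pass parser for header parameter lists of the kind found in Content-Disposition. It keeps semicolons inside quoted strings intact while examining each character a bounded number of times, so parse time grows linearly with the header length instead of quadratically; the MAX_PARAM_LEN cap is an assumed extra defensive limit, not something the advisory specifies.

```python
"""Linear-time parser for 'form-data; name="a;b"; filename="x.txt"'.

The advisory describes a parser that re-scans the remainder of the string
with str.count() on every loop iteration to decide whether a ';' sits inside
quotes; that repeated re-scan is the quadratic cost. This version tracks the
quoting state while walking the string once. Simplified stand-alone code,
not the function shipped in Tornado's httputil.py.
"""

MAX_PARAM_LEN = 8192  # assumed defensive cap on the header value; tune per app


def parse_header_params(value: str) -> tuple[str, dict[str, str]]:
    """Return (main_value, {param: value}); O(len(value)) regardless of
    how many quoted semicolons the value contains."""
    if len(value) > MAX_PARAM_LEN:
        # Reject oversized values before any parsing work is spent on them.
        raise ValueError("header parameter list too long")
    parts: list[str] = []
    buf: list[str] = []
    in_quotes = False
    escaped = False
    for ch in value:
        if escaped:            # character after a backslash inside quotes
            buf.append(ch)
            escaped = False
        elif in_quotes and ch == "\\":
            escaped = True
        elif ch == '"':        # toggle quoting state; quotes are dropped
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    main = parts[0].lower() if parts else ""
    params: dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        params[key.strip().lower()] = val.strip()
    return main, params


if __name__ == "__main__":
    print(parse_header_params('form-data; name="a;b"; filename="x.txt"'))
```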

Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2026:0930
BDU:2026-02928
CVE-2025-67726
GHSA-JHMP-MQWM-3GQ8
MGASA-2026-0092
OESA-2026-1018
OPENSUSE-SU-2025:15838-1
OPENSUSE-SU-2026:10110-1
OPENSUSE-SU-2026:20015-1
OPENSUSE-SU-2026:20412-1
RHSA-2026:0930
RHSA-2026:2462
RHSA-2026:2465
RHSA-2026:2469
RHSA-2026:2484
SUSE-SU-2026:0010-1
SUSE-SU-2026:0222-1
SUSE-SU-2026:0623-1
SUSE-SU-2026:0625-1
SUSE-SU-2026:0626-1
SUSE-SU-2026:0627-1
SUSE-SU-2026:0629-1
SUSE-SU-2026:0631-1
SUSE-SU-2026:1012-1
SUSE-SU-2026:1014-1
SUSE-SU-2026:1026-1
SUSE-SU-2026:1027-1
SUSE-SU-2026:1028-1
SUSE-SU-2026:1029-1
SUSE-SU-2026:1030-1
SUSE-SU-2026:1140-1
SUSE-SU-2026:1141-1
SUSE-SU-2026:1142-1
SUSE-SU-2026:1146-1
SUSE-SU-2026:1148-1
SUSE-SU-2026:1149-1
SUSE-SU-2026:20007-1
SUSE-SU-2026:20028-1
SUSE-SU-2026:20043-1
SUSE-SU-2026:20071-1
SUSE-SU-2026:20820-1
SUSE-SU-2026:20825-1
USN-7950-1

Affected Products

Debian
Linuxmint
Rocky Linux
Tornado
Ubuntu