CVE-2025-52520

CWE-190 — Integer Overflow8 documents7 sources

Severity

7.5HIGH

EPSS

0.2%

top 53.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat Apache Software Foundation Apache Tomcat

Timeline

PublishedJul 10

Latest updateOct 15

Description

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶NVDapache/tomcat9.0.0 — 9.0.107+2

▶Mavenorg.apache.tomcat:tomcat-catalina11.0.0-M1 — 11.0.9+3

▶Mavenorg.apache.tomcat.embed:tomcat-embed-core11.0.0-M1 — 11.0.9+3

▶CVEListV5apache_software_foundation/apache_tomcat11.0.0-M1 — 11.0.8+3

▶Debiantomcat9< 9.0.107-0+deb11u1+3

🔴Vulnerability Details

OSV

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits↗2025-07-10

▶

CVEList

Apache Tomcat: DoS via integer overflow in multipart file upload↗2025-07-10

▶

GHSA

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits↗2025-07-10

▶

OSV

CVE-2025-52520: For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size lim↗2025-07-10

▶

📋Vendor Advisories

Oracle

Oracle Oracle Graph Server and Client Risk Matrix: Install (Apache Tomcat) — CVE-2025-52520↗2025-10-15

▶

Red Hat

tomcat: Apache Tomcat denial of service↗2025-07-10

▶

Debian

CVE-2025-52520: tomcat10 - For some unlikely configurations of multipart upload, an Integer Overflow vulner...↗2025

▶