{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T14:28:47.935","vulnerabilities":[{"cve":{"id":"CVE-2025-31650","sourceIdentifier":"security@apache.org","published":"2025-04-28T20:15:20.653","lastModified":"2025-11-03T20:18:25.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue."},{"lang":"es","value":"Vulnerabilidad de validación de entrada incorrecta en Apache Tomcat. La gestión incorrecta de errores en algunos encabezados de prioridad HTTP no válidos provocó una limpieza incompleta de la solicitud fallida, lo que generó una fuga de memoria. Un gran número de solicitudes de este tipo podría generar una excepción OutOfMemoryException, lo que resulta en una denegación de servicio. Este problema afecta a Apache Tomcat: de la 9.0.76 a la 9.0.102, de la 10.1.10 a la 10.1.39 y de la 11.0.0-M2 a la 11.0.5. Se recomienda actualizar a las versiones 9.0.104, 10.1.40 o 11.0.6, que solucionan el problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-459"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-459"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.76","versionEndExcluding":"9.0.104","matchCriteriaId":"6F4F87EB-0046-4BAA-91C8-C60C60425186"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.10","versionEndExcluding":"10.1.40","matchCriteriaId":"7EC8AA6F-0BB4-4075-8F2B-DE39FD9A2BD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.1","versionEndExcluding":"11.0.6","matchCriteriaId":"45AB4386-DB38-4808-924A-617CECE9F939"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*","matchCriteriaId":"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*","matchCriteriaId":"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*","matchCriteriaId":"0092FB35-3B00-484F-A24D-7828396A4FF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*","matchCriteriaId":"CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*","matchCriteriaId":"72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*","matchCriteriaId":"3521C81B-37D9-48FC-9540-D0D333B9A4A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*","matchCriteriaId":"02A84634-A8F2-4BA9-B9F3-BEF36AEC5480"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*","matchCriteriaId":"ECBBC1F1-C86B-40AF-B740-A99F6B27682A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*","matchCriteriaId":"9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*","matchCriteriaId":"0495A538-4102-40D0-A35C-0179CFD52A9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"2AAD52CE-94F5-4F98-A027-9A7E68818CB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*","matchCriteriaId":"77BA6600-0890-4BA1-B447-EC1746BAB4FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*","matchCriteriaId":"7914D26B-CBD6-4846-9BD3-403708D69319"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*","matchCriteriaId":"123C6285-03BE-49FC-B821-8BDB25D02863"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*","matchCriteriaId":"8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*","matchCriteriaId":"069B0D8E-8223-4C4E-A834-C6235D6C3450"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*","matchCriteriaId":"E6282085-5716-4874-B0B0-180ECDEE128F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"03A171AF-2EC8-4422-912C-547CDB58CAAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"49350A6E-5E1D-45B2-A874-3B8601B3ADCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"5F50942F-DF54-46C0-8371-9A476DD3EEA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"98792138-DD56-42DF-9612-3BDC65EEC117"}]}]}],"references":[{"url":"https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/04/28/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}