{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T02:50:02.186","vulnerabilities":[{"cve":{"id":"CVE-2025-52520","sourceIdentifier":"security@apache.org","published":"2025-07-10T19:15:25.570","lastModified":"2025-11-04T22:16:20.603","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue."},{"lang":"es","value":"En algunas configuraciones improbables de carga multiparte, una vulnerabilidad de desbordamiento de enteros en Apache Tomcat podría provocar un ataque de denegación de servicio (DoS) al eludir los límites de tamaño. Este problema afecta a Apache Tomcat: de 11.0.0-M1 a 11.0.8, de 10.1.0-M1 a 10.1.42, y de 9.0.0.M1 a 9.0.106. Se recomienda actualizar a las versiones 11.0.9, 10.1.43 o 9.0.107, que solucionan el problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.107","matchCriteriaId":"E068C4BE-B0A9-4C86-A03C-33089784EC21"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.43","matchCriteriaId":"FCF8FCC4-CE15-4B52-91D8-9B90563F3F7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.0.9","matchCriteriaId":"52667567-7D5A-40AE-8C3B-4270A4BD059C"}]}]}],"references":[{"url":"https://lists.apache.org/thread/trqq01bbxw6c92zx69kx2mw2qgmfy0o5","source":"security@apache.org","tags":["Issue Tracking","Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/07/10/12","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}