Apache Tomcat April Vulnerability Security Update Advisory
Overview
Apache Tomcat (https://tomcat.apache.org/) has released a security update that fixes vulnerabilities in its released products. Users of affected products are advised to update to the latest version.
Affected Products
Apache Tomcat 9.0.76 – 9.0.102
Apache Tomcat 9.0.0.M1 – 9.0.102
Apache Tomcat 11.0.0-M2 – 11.0.5
Apache Tomcat 11.0.0-M1 – 11.0.5
Apache Tomcat 10.1.10 – 10.1.39
Apache Tomcat 10.1.0-M1 – 10.1.39
Resolved Vulnerabilities
Rewrite rule bypass vulnerability caused by a crafted request in Apache Tomcat (CVE-2025-31651)
Denial of Service attack vulnerability in Apache Tomcat caused by a memory leak (CVE-2025-31650)
Vulnerability Patches
Please follow the security advisory published on April 28, 2025 and update to the applicable version listed below or to the latest version.
Apache Tomcat 9.0.104
Apache Tomcat 11.0.6
Apache Tomcat 10.1.40
Referenced Sites
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650