Apache Tomcat July 07 Secondary Security Update Advisory

Apache Tomcat July 07 Secondary Security Update Advisory

Overview

 

Apache Tomcat(https://tomcat.apache.org/) has released a security update that addresses a vulnerability in its shipped products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

Apache Tomcat 11.0.0-M1 – 11.0.8

Apache Tomcat 10.1.0-M1 – 10.1.42

 

Resolved Vulnerabilities

 

Denial of Service Attack Vulnerability in Apache Tomcat caused by an overflow (CVE-2025-52520)

Denial of Service Attack Vulnerability in Apache Tomcat (CVE-2025-53506)

 

Vulnerability Patches

 

Please follow the security advisory published on July 10, 2025 to update to the applicable version and the latest version.

Apache Tomcat 11.0.9

Apache Tomcat 10.1.43

 

Referenced Sites

 

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520

[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506

[3] https://tomcat.apache.org/security