Apache Tomcat July 07 Secondary Security Update Advisory
Overview
Apache Tomcat(https://tomcat.apache.org/) has released a security update that addresses a vulnerability in its shipped products. Users of affected products are advised to update to the latest version.
Affected Products
Apache Tomcat 11.0.0-M1 – 11.0.8
Apache Tomcat 10.1.0-M1 – 10.1.42
Resolved Vulnerabilities
Denial of Service Attack Vulnerability in Apache Tomcat caused by an overflow (CVE-2025-52520)
Denial of Service Attack Vulnerability in Apache Tomcat (CVE-2025-53506)
Vulnerability Patches
Please follow the security advisory published on July 10, 2025 to update to the applicable version and the latest version.
Apache Tomcat 11.0.9
Apache Tomcat 10.1.43
Referenced Sites
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506