CVE-2025-61795 Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS

🗓️ 27 Oct 2025 17:30:28Reported by apacheType

Apache Tomcat faces a DoS due to delayed cleanup of multipart upload temporary files after errors.

Reporter	Title	Published	Views	Family All 202
IBM Security Bulletins	Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.	24 Mar 202613:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	1 Dec 202516:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	9 Dec 202515:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4	23 Apr 202612:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.	29 Dec 202505:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by multiple Apache Tomcat vulnerabilities (CVE-2025-55752, CVE-2025-61795)	12 Dec 202520:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat (CVE-2025-55752, CVE-2025-55754, CVE-2025-61795)	27 Feb 202615:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management	10 Apr 202614:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-55752,CVE-2025-55754 & CVE-2025-61795)	18 Nov 202515:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to improper resource shutdown or release CVE-2025-61795	19 Mar 202613:27	–	ibm

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.11",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.46",
        "status": "affected",
        "version": "10.1.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.109",
        "status": "affected",
        "version": "9.0.0.M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.100",
        "status": "affected",
        "version": "8.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "8.5.0",
        "status": "unknown",
        "version": "3",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.0.27",
        "status": "unknown",
        "version": "10.0.0-M1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp

29 Oct 2025 11:37Current

EPSS0.00129

CWE-404