EUVD-2025-21032

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Uncontrolled Resource Consumption vulnerability in Apache Tomcat requires upgrade to versions fixing the issue.

Reporter	Title	Published	Views	Family All 244
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-53506, CVE-2025-52434 and CVE-2025-52520 )	20 Aug 202506:45	–	ibm
IBM Security Bulletins	Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1	15 May 202615:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.106.jar	6 Oct 202519:08	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2025-52520, CVE-2025-53506 and CVE-2025-52434).	7 Oct 202514:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Apache Tomcat [CVE-2025-53506]	31 Oct 202518:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities	6 Mar 202616:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.	12 Aug 202509:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM webMethods BPM.	11 Nov 202513:35	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat Server (CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-55668, CVE-2025-49125, CVE-2025-48988, CVE-2025-46701, CVE-2025-31651, CVE-2025-31650) affect Power HMC.	20 Nov 202506:10	–	ibm
Tenable Nessus	Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1093)	4 Aug 202500:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "b4593589-d032-38df-a90e-f28d229cd51d",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "15b3bc46-8b4a-3104-84a0-678724105f79",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": ""
      },
      {
        "id": "8e365f7c-f1df-33ca-8fa2-203460991f7a",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "10.1.0-M1 ≤10.1.42"
      },
      {
        "id": "af0ac44c-ddbd-393c-95de-0f0b4c5284f6",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "9.0.0.M1 ≤9.0.106"
      },
      {
        "id": "c9e66a23-7c39-3e27-8d10-e854edcfa1ee",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "8.5.0 ≤8.5.100"
      },
      {
        "id": "e14fec42-6636-3b86-80c1-8b4a2f105deb",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "11.0.0-M1 ≤11.0.8"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-53506
github	www.github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb
github	www.github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b
github	www.github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b

03 Oct 2025 20:07Current

8High risk

Vulners AI Score8

CVSS 3.17.5

EPSS0.01247

SSVC