AZL-72371 CVE-2025-67724 affecting package python-tornado 6.2.0-1

🗓️ 12 Dec 2025 06:15:41Reported by GoogleType

osv

osv🔗 osv.dev👁 1 Views

Tornado 6.5.2 exposes unescaped reason phrases, enabling header injection and XSS; fixed in 6.5.3.

Reporter	Title	Published	Views	Family All 128
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2025-67724, CVE-2025-67725, CVE-2025-67726.	27 Feb 202611:35	–	ibm
Tenable Nessus	Amazon Linux 2023 : python3-tornado (ALAS2023-2025-1338)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : python3.13-tornado (ALAS2023-2026-1528)	1 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : python-tornado, --advisory ALAS2-2025-3106 (ALAS-2025-3106)	5 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : python3-tornado, --advisory ALAS2-2025-3109 (ALAS-2025-3109)	5 Jan 202600:00	–	nessus
Tenable Nessus	Debian dla-4461 : python-tornado-doc - security update	1 Feb 202600:00	–	nessus
Tenable Nessus	Debian dsa-6195 : python-tornado-doc - security update	5 Apr 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : python-tornado6 (openSUSE-SU-2026:20015-1)	15 Jan 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : salt (openSUSE-SU-2026:20412-1)	29 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-tornado6 (SUSE-SU-2026:0010-1)	6 Jan 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-67724

21 Apr 2026 04:36Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.4 - 6.1

EPSS0.00035

tornado unescaped phrases header injection cross site scripting six five two