How severe is CVE-2022-25762?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2022-25762?

This is classified as CWE-404, which is a common weakness in software security.

CVE-2022-25762

HIGH Year: 2022

CVSS v3 Score

8.6

High

CVSS v2 Score

7.5

High

Weakness Type

CWE-404

View all →

Vulnerability Description

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.

CVE-2017-1145

HIGH

CVSS:8.6(High)

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: ...

CWE-4042017

CVE-2019-1706

HIGH

CVSS:8.6(High)

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could all...

CWE-4042019

CVE-2019-1708

HIGH

CVSS:8.6(High)

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (F...

CWE-4042019

CVE-2020-26070

HIGH

CVSS:8.6(High)

A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a den...

CWE-4042020

CVE-2023-20042

HIGH

CVSS:8.6(High)

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker ...

CWE-4042023

CVE-2018-8450

HIGH

CVSS:8.8(High)

A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wi...

CWE-4042018

CVE-2022-25762

Vulnerability Description

Related Vulnerabilities

CVE-2017-1145

CVE-2019-1706

CVE-2019-1708

CVE-2020-26070

CVE-2023-20042

CVE-2018-8450