How severe is CVE-2025-31650?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2025-31650?

This is classified as CWE-459, which is a common weakness in software security.

CVE-2025-31650 - HIGH Severity | CVSS 7.5

Vulnerability Description

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

Related Vulnerabilities

CVE-2002-2066

HIGH

CVSS:7.5(High)

BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information tha...

CWE-4592002

CVE-2002-2067

HIGH

CVSS:7.5(High)

East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be dele...

CWE-4592002

CVE-2002-2068

HIGH

CVSS:7.5(High)

Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

CWE-4592002

CVE-2002-2069

HIGH

CVSS:7.5(High)

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

CWE-4592002

CVE-2002-2070

HIGH

CVSS:7.5(High)

SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be d...

CWE-4592002

CVE-2017-0303

HIGH

CVSS:7.5(High)

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections hand...

CWE-4592017