Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

cve-2025-52520
Back to All
CVE

CVE-2025-52520

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

Description

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Base CVSS

7.5

EPSS Score

0.16%

Introduced Version

7.0.23

Fix Available

11.0.9,9.0.107,10.1.43

Available Patches

Package
CVEs Fixed
Lines of Code Changed
Package Name
org.apache.tomcat.embed:tomcat-embed-core
11.0.2
7 CVES Fixed
C
0
H
7
M
0
L
0
Code Changed
+397
-159

References

https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040
https://nvd.nist.gov/vuln/detail/CVE-2025-52520
https://lists.apache.org/thread/trqq01bbxw6c92zx69kx2mw2qgmfy0o5
https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db
https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c
https://github.com/apache/tomcat

AppSec for the Software Development Revolution

Endor Labs builds a complete graph of your software estate, so teams can pinpoint and fix critical risks in complex, dependency-rich code—whether it was written by humans or AI.

Welcome to the resistance
Oops! Something went wrong, please try again.