A critical denial-of-service vulnerability in Apache Tomcat, tracked as CVE-2025-31650, has been publicly disclosed together with a proof-of-concept exploit. It affects servers running versions 10.1.10 through 10.1.39 and is triggered by malformed HTTP/2 priority headers that cause memory exhaustion on vulnerable Tomcat instances. Sustained exploitation can exhaust memory on even well-provisioned servers and lead to complete service disruption.
Source: https://cybersecuritynews.com/apache-tomcat-dos-vulnerability-poc/
TPRM report: https://scoringcyber.rankiteo.com/company/the-apache-software-foundation
{
"id": "the951060625",
"linkid": "the-apache-software-foundation",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Apache Tomcat',
                        'type': 'Software'}],
 'attack_vector': 'Malformed HTTP/2 priority headers',
 'date_detected': '2025-06-05',
 'date_publicly_disclosed': '2025-06-05',
 'description': 'A proof-of-concept exploit targeting a critical denial-of-service vulnerability in Apache Tomcat has been publicly released, exposing servers running versions 10.1.10 through 10.1.39 to potential attacks. The exploit, designated as CVE-2025-31650, leverages malformed HTTP/2 priority headers to cause memory exhaustion on vulnerable Tomcat instances.',
 'impact': {'operational_impact': 'Complete service disruption',
            'systems_affected': 'Apache Tomcat servers running versions 10.1.10 through 10.1.39'},
 'initial_access_broker': {'entry_point': 'HTTP/2 priority headers'},
 'lessons_learned': 'Immediate prioritization of upgrades to patched releases, implementation of rate limiting and monitoring for unusual patterns in priority header usage, and considering temporary disabling of HTTP/2 support on critical instances.',
 'motivation': 'Security research and public disclosure',
 'post_incident_analysis': {'corrective_actions': 'Upgrade to patched releases, implement rate limiting and monitoring for unusual patterns in priority header usage, set up memory monitoring alerts, consider temporarily disabling HTTP/2 support on critical instances.',
                            'root_causes': 'Fundamental flaw in how Apache Tomcat processes HTTP/2 priority headers'},
 'recommendations': 'Upgrade to patched releases, implement rate limiting for HTTP/2 connections, monitor for unusual patterns in priority header usage, set up memory monitoring alerts, and consider temporarily disabling HTTP/2 support on critical instances.',
 'references': [{'date_accessed': '2025-06-05',
                 'source': 'Security researcher Abdualhadi Khalifa'}],
 'response': {'containment_measures': 'Upgrade to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily',
              'enhanced_monitoring': 'Rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts',
              'remediation_measures': 'Upgrade to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily'},
 'threat_actor': 'Security researcher Abdualhadi Khalifa',
 'title': 'Critical Denial-of-Service Vulnerability in Apache Tomcat',
 'type': 'Denial-of-Service',
 'vulnerability_exploited': 'CVE-2025-31650'}