#VU117682 Resource exhaustion in Apache Tomcat - CVE-2025-61795
Published: October 27, 2025 / Updated: October 29, 2025
Vulnerability identifier: #VU117682
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-61795
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apache Tomcat
Apache Tomcat
Software vendor:
Apache Foundation
Apache Foundation
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling errors while processing multipart upload. Depending on JVM settings, application memory usage and application load, it is possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
Remediation
Install updates from vendor's website.