CVE-2025-53506
- Source
- https://cve.org/CVERecord?id=CVE-2025-53506
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-53506.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-53506
- Aliases
- Downstream
- Related
- Published
- 2025-07-10T20:15:26.970Z
- Modified
- 2026-03-20T04:20:56.121450Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
- References
Affected packages
Git / github.com/apache/tomcat
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/tomcat
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "9.0.0" }, { "last_affected": "9.0.106" }, { "introduced": "10.1.0" }, { "last_affected": "10.1.42" }, { "introduced": "11.0.0" }, { "last_affected": "11.0.8" } ] }