CVE-2025-52520: Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.11189%
Published: 7/10/2025
Updated: 7/11/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name                        Ecosystem   Vulnerable Versions        First Patched Version
org.apache.tomcat:tomcat-catalina   maven       >= 11.0.0-M1, < 11.0.9     11.0.9
org.apache.tomcat:tomcat-catalina   maven       >= 10.1.0-M1, < 10.1.43    10.1.43
org.apache.tomcat:tomcat-catalina   maven       >= 9.0.0.M1, < 9.0.107     9.0.107

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability lies in the parseParts method within the org.apache.catalina.connector.Request class. The core of the issue is an integer overflow vulnerability. The postSize variable, which accumulates the size of the parts of a multipart request, was declared as an int. For very large uploads, this variable could overflow, wrapping around to a small or negative value. This would cause the check against maxPostSize to pass, even though the actual size of the request is much larger. This allows an attacker to bypass the intended size limits, potentially leading to a Denial of Service by exhausting server resources (disk space or memory). The provided patches clearly show the fix: changing the postSize variable to a long and using Math.addExact for calculations to prevent overflow by throwing an exception if the result exceeds the capacity of a long. All three supplied commits point to this exact same change in different branches of the Apache Tomcat codebase, confirming this is the single vulnerable function.
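As an added illustration of the overflow pattern described above (constructed for this page, not code from Apache Tomcat), the int accumulator check is shown beside the long/Math.addExact form. The method names, the 1.5 GB limit and the two 1.2 GB part sizes are made-up assumptions chosen so that the int sum wraps around.

```java
import java.util.List;

// Constructed illustration of the postSize check pattern described in the
// root cause analysis; not Apache Tomcat's code. Part sizes and the limit are
// made-up values chosen so the int accumulation wraps around.
public class PostSizeCheckDemo {

    // Vulnerable pattern: an int accumulator silently wraps past
    // Integer.MAX_VALUE, so a huge total can compare as "below the limit".
    static boolean vulnerableWithinLimit(List<Long> partSizes, int maxPostSize) {
        int postSize = 0;
        for (long size : partSizes) {
            postSize += size;            // compound assignment narrows long to int
            if (postSize > maxPostSize) {
                return false;            // only reached if the (possibly wrapped) sum exceeds the limit
            }
        }
        return true;
    }

    // Fixed pattern: a long accumulator plus Math.addExact, which throws
    // ArithmeticException instead of wrapping if even a long would overflow.
    static boolean fixedWithinLimit(List<Long> partSizes, long maxPostSize) {
        long postSize = 0;
        for (long size : partSizes) {
            try {
                postSize = Math.addExact(postSize, size);
            } catch (ArithmeticException e) {
                return false;            // overflow is treated as exceeding the limit
            }
            if (postSize > maxPostSize) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        long maxPostSize = 1_500_000_000L;                              // made-up limit, ~1.4 GiB
        List<Long> partSizes = List.of(1_200_000_000L, 1_200_000_000L); // two made-up parts, 2.4 GB total

        // 1_200_000_000 + 1_200_000_000 exceeds Integer.MAX_VALUE, so the int
        // accumulator wraps to a negative value and the limit check passes;
        // the long accumulator keeps the true total and rejects the request.
        System.out.println("int accumulator accepts:  " + vulnerableWithinLimit(partSizes, (int) maxPostSize));
        System.out.println("long accumulator accepts: " + fixedWithinLimit(partSizes, maxPostSize));
    }
}
```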

WAF Protection Rules

WAF Rule

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.4
