Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apache/tomcat@9.0.110

Type apache

Namespace

Name tomcat

Version 9.0.110

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 9.0.118

Latest_non_vulnerable_version 11.0.22

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-kqng-d1f2-myg5

vulnerability_id VCID-kqng-d1f2-myg5

summary

Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.

The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-61795

reference_id

reference_type

scores

value	0.00129
scoring_system	epss
scoring_elements	0.31914
published_at	2026-06-07T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.31952
published_at	2026-06-06T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.31983
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-61795

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06

reference_url

https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0

reference_url

https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b

reference_url

https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/

url

https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp

reference_url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47

reference_url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12

reference_url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110

reference_url

http://www.openwall.com/lists/oss-security/2025/10/27/6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/10/27/6

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293
reference_id	1119293
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294
reference_id	1119294
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2406588
reference_id	2406588
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2406588

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795

reference_id

CVE-2025-61795

reference_type

scores

value	Low
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-61795

reference_id

CVE-2025-61795

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-61795

reference_url

https://github.com/advisories/GHSA-hgrr-935x-pq79

reference_id

GHSA-hgrr-935x-pq79

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hgrr-935x-pq79

reference_url	https://access.redhat.com/errata/RHSA-2025:19809
reference_id	RHSA-2025:19809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19809

reference_url	https://access.redhat.com/errata/RHSA-2025:19810
reference_id	RHSA-2025:19810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19810

reference_url	https://access.redhat.com/errata/RHSA-2025:23050
reference_id	RHSA-2025:23050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23050

reference_url	https://access.redhat.com/errata/RHSA-2025:23051
reference_id	RHSA-2025:23051
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23051

reference_url	https://access.redhat.com/errata/RHSA-2026:6569
reference_id	RHSA-2026:6569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6569

reference_url	https://access.redhat.com/errata/RHSA-2026:8334
reference_id	RHSA-2026:8334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8334

fixed_packages

url	pkg:apache/tomcat@9.0.110
purl	pkg:apache/tomcat@9.0.110
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.110

url	pkg:apache/tomcat@10.1.47
purl	pkg:apache/tomcat@10.1.47
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.47

url	pkg:apache/tomcat@11.0.12
purl	pkg:apache/tomcat@11.0.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.12

aliases CVE-2025-61795, GHSA-hgrr-935x-pq79

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqng-d1f2-myg5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.110

Package Instance