{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48134?format=json","vulnerability_id":"VCID-kqng-d1f2-myg5","summary":"Apache Tomcat Vulnerable to Improper Resource Shutdown or Release\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.","aliases":[{"alias":"CVE-2025-61795"},{"alias":"GHSA-hgrr-935x-pq79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71123?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.110","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.110"},{"url":"http://public2.vulnerablecode.io/api/packages/71124?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.47","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.47"},{"url":"http://public2.vulnerablecode.io/api/packages/71125?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/71094?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.110","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.110"},{"url":"http://public2.vulnerablecode.io/api/packages/71095?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.47","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.47"},{"url":"http://public2.vulnerablecode.io/api/packages/71096?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/71146?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.110","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.110"},{"url":"http://public2.vulnerablecode.io/api/packages/71147?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.47"},{"url":"http://public2.vulnerablecode.io/api/packages/71148?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.12"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53961?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kgu-zupu-tydw"},{"vulnerability":"VCID-3nsr-9s9y-ckft"},{"vulnerability":"VCID-4nx6-t8vd-bqcu"},{"vulnerability":"VCID-59dd-qzpt-aucm"},{"vulnerability":"VCID-6umz-z8db-kqcy"},{"vulnerability":"VCID-dast-z2hv-2yfe"},{"vulnerability":"VCID-dbu6-fhrs-aubn"},{"vulnerability":"VCID-dk58-p9py-rka9"},{"vulnerability":"VCID-g3vd-74yh-s7bn"},{"vulnerability":"VCID-gmjm-6ck2-skgu"},{"vulnerability":"VCID-hqzu-shyu-j3hp"},{"vulnerability":"VCID-jzta-navk-87bn"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-nxb3-55eu-auhp"},{"vulnerability":"VCID-q7g1-m4e7-pya4"},{"vulnerability":"VCID-qth9-7326-hffp"},{"vulnerability":"VCID-rk89-9dw5-w3gg"},{"vulnerability":"VCID-rtmv-qetu-yqfa"},{"vulnerability":"VCID-s37s-p75k-27e6"},{"vulnerability":"VCID-se44-f85s-xyex"},{"vulnerability":"VCID-tcmv-6ftg-fqen"},{"vulnerability":"VCID-u95s-xhwk-vka6"},{"vulnerability":"VCID-vu84-dfwa-z3dg"},{"vulnerability":"VCID-wmb3-3j7y-due7"},{"vulnerability":"VCID-xns8-63b5-guf2"},{"vulnerability":"VCID-y9hs-ymcm-3ucx"},{"vulnerability":"VCID-zba8-2zc4-9qfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/71115?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@8.5.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-wcnj-bna8-7fh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@8.5.100"},{"url":"http://public2.vulnerablecode.io/api/packages/71122?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kqng-d1f2-myg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.0-M.1"},{"url":"http://public2.vulnerablecode.io/api/packages/71116?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-wcnj-bna8-7fh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M1"},{"url":"http://public2.vulnerablecode.io/api/packages/71117?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-s93z-rmw7-5bcw"},{"vulnerability":"VCID-wcnj-bna8-7fh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1"},{"url":"http://public2.vulnerablecode.io/api/packages/62404?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6umz-z8db-kqcy"},{"vulnerability":"VCID-7fh9-36qs-jfg5"},{"vulnerability":"VCID-jzta-navk-87bn"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-rk89-9dw5-w3gg"},{"vulnerability":"VCID-urhs-6aus-syb1"},{"vulnerability":"VCID-xa95-zsnk-3kg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/71090?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-wcnj-bna8-7fh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@8.5.100"},{"url":"http://public2.vulnerablecode.io/api/packages/71091?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0-M.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kqng-d1f2-myg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@9.0.0-M.1"},{"url":"http://public2.vulnerablecode.io/api/packages/71092?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.0-M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-wcnj-bna8-7fh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@10.1.0-M1"},{"url":"http://public2.vulnerablecode.io/api/packages/71093?format=json","purl":"pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-wcnj-bna8-7fh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-catalina@11.0.0-M1"},{"url":"http://public2.vulnerablecode.io/api/packages/53455?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3nsr-9s9y-ckft"},{"vulnerability":"VCID-4nx6-t8vd-bqcu"},{"vulnerability":"VCID-axzz-cadr-b7fv"},{"vulnerability":"VCID-dast-z2hv-2yfe"},{"vulnerability":"VCID-dbu6-fhrs-aubn"},{"vulnerability":"VCID-dk58-p9py-rka9"},{"vulnerability":"VCID-gmjm-6ck2-skgu"},{"vulnerability":"VCID-j66a-6et3-mfha"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-paqj-ye46-8bdb"},{"vulnerability":"VCID-qth9-7326-hffp"},{"vulnerability":"VCID-rk89-9dw5-w3gg"},{"vulnerability":"VCID-se44-f85s-xyex"},{"vulnerability":"VCID-urhs-6aus-syb1"},{"vulnerability":"VCID-xa95-zsnk-3kg9"},{"vulnerability":"VCID-xns8-63b5-guf2"},{"vulnerability":"VCID-y4a2-mamb-yqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/71085?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.100","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-wcnj-bna8-7fh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.100"},{"url":"http://public2.vulnerablecode.io/api/packages/71145?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0-M.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kqng-d1f2-myg5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.0-M.1"},{"url":"http://public2.vulnerablecode.io/api/packages/64361?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.0-M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-j66a-6et3-mfha"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-paqj-ye46-8bdb"},{"vulnerability":"VCID-urhs-6aus-syb1"},{"vulnerability":"VCID-wcnj-bna8-7fh7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.0-M1"},{"url":"http://public2.vulnerablecode.io/api/packages/64362?format=json","purl":"pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d8re-94xd-nycp"},{"vulnerability":"VCID-j66a-6et3-mfha"},{"vulnerability":"VCID-kqng-d1f2-myg5"},{"vulnerability":"VCID-paqj-ye46-8bdb"},{"vulnerability":"VCID-urhs-6aus-syb1"},{"vulnerability":"VCID-wcnj-bna8-7fh7"},{"vulnerability":"VCID-y4a2-mamb-yqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.0-M1"}],"references":[{"reference_url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html","reference_id":"","reference_type":"","scores":[],"url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"},{"reference_url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"},{"reference_url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0"},{"reference_url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b"},{"reference_url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795"},{"reference_url":"https://github.com/advisories/GHSA-hgrr-935x-pq79","reference_id":"GHSA-hgrr-935x-pq79","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hgrr-935x-pq79"}],"weaknesses":[{"cwe_id":404,"name":"Improper Resource Shutdown or Release","description":"The product does not release or incorrectly releases a resource before it is made available for re-use."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqng-d1f2-myg5"}