Vulnerability details: VCID-bfxu-nwcp-1kd6
Vulnerability ID VCID-bfxu-nwcp-1kd6
Aliases CVE-2025-31650
GHSA-3p2h-wqq4-wf4h
Summary multiple issues
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31650.json
epss 0.00706 https://api.first.org/data/v1/epss?cve=CVE-2025-31650
epss 0.00738 https://api.first.org/data/v1/epss?cve=CVE-2025-31650
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3p2h-wqq4-wf4h
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc
generic_textual MODERATE https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d
generic_textual MODERATE https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40
generic_textual MODERATE https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60
generic_textual MODERATE https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9
generic_textual MODERATE https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa
generic_textual MODERATE https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff
generic_textual MODERATE https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9
generic_textual MODERATE https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2
cvssv3.1 7.5 https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
generic_textual MODERATE https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
ssvc Track https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2025-31650
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-31650
archlinux High https://security.archlinux.org/AVG-2888
archlinux High https://security.archlinux.org/AVG-2889
generic_textual MODERATE https://tomcat.apache.org/security-10.html
generic_textual MODERATE https://tomcat.apache.org/security-11.html
generic_textual MODERATE https://tomcat.apache.org/security-9.html
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2025/04/28/2
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31650.json
https://api.first.org/data/v1/epss?cve=CVE-2025-31650
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc
https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d
https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40
https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60
https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9
https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa
https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff
https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9
https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2
https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
https://nvd.nist.gov/vuln/detail/CVE-2025-31650
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-11.html
https://tomcat.apache.org/security-9.html
http://www.openwall.com/lists/oss-security/2025/04/28/2
2362783 https://bugzilla.redhat.com/show_bug.cgi?id=2362783
AVG-2888 https://security.archlinux.org/AVG-2888
AVG-2889 https://security.archlinux.org/AVG-2889
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*
CVE-2025-31650 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650
CVE-2025-31650 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52318.py
GHSA-3p2h-wqq4-wf4h https://github.com/advisories/GHSA-3p2h-wqq4-wf4h
RHSA-2025:11332 https://access.redhat.com/errata/RHSA-2025:11332
RHSA-2025:11333 https://access.redhat.com/errata/RHSA-2025:11333
RHSA-2025:11334 https://access.redhat.com/errata/RHSA-2025:11334
RHSA-2025:11335 https://access.redhat.com/errata/RHSA-2025:11335
RHSA-2025:3608 https://access.redhat.com/errata/RHSA-2025:3608
RHSA-2025:3609 https://access.redhat.com/errata/RHSA-2025:3609
RHSA-2025:4521 https://access.redhat.com/errata/RHSA-2025:4521
RHSA-2025:4522 https://access.redhat.com/errata/RHSA-2025:4522
Data source Exploit-DB
Date added June 5, 2025
Description Apache Tomcat 10.1.39 - Denial of Service (DoS)
Ransomware campaign use Unknown
Source publication date June 5, 2025
Exploit type remote
Platform multiple
Source update date June 5, 2025
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31650.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T20:07:38Z/ Found at https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-31650
Exploit Prediction Scoring System (EPSS)
Percentile 0.71178
EPSS Score 0.00706
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T11:52:37.438522+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-2889 36.1.3