VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-tc17-t52j-nyh4

Essentials
Severities (42)
References (19)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-tc17-t52j-nyh4
Aliases	CVE-2025-52434 GHSA-4j3c-42xv-3f84
Summary	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52434.json
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00182	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00182	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00182	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00182	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00182	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00182	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2025-52434
apache_tomcat	Important	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-4j3c-42xv-3f84
cvssv3.1	7.5	https://github.com/apache/tomcat
generic_textual	MODERATE	https://github.com/apache/tomcat
cvssv3.1	7.5	https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018
generic_textual	MODERATE	https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018
cvssv3.1	7.5	https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030
generic_textual	MODERATE	https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030
ssvc	Track	https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2025-52434
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-52434

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52434.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-52434
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018
		https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030
		https://nvd.nist.gov/vuln/detail/CVE-2025-52434
2379382		https://bugzilla.redhat.com/show_bug.cgi?id=2379382
cpe:2.3:a:apache:tomcat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat::::::::
CVE-2025-52434		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434
GHSA-4j3c-42xv-3f84		https://github.com/advisories/GHSA-4j3c-42xv-3f84
RHSA-2025:11695		https://access.redhat.com/errata/RHSA-2025:11695
RHSA-2025:11696		https://access.redhat.com/errata/RHSA-2025:11696
RHSA-2025:14177		https://access.redhat.com/errata/RHSA-2025:14177
RHSA-2025:14178		https://access.redhat.com/errata/RHSA-2025:14178
RHSA-2025:14180		https://access.redhat.com/errata/RHSA-2025:14180
RHSA-2025:14181		https://access.redhat.com/errata/RHSA-2025:14181
RHSA-2025:14182		https://access.redhat.com/errata/RHSA-2025:14182
RHSA-2025:14183		https://access.redhat.com/errata/RHSA-2025:14183

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52434.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T14:02:46Z/ Found at https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-52434

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.39989
EPSS Score	0.00179
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:03:18.292968+00:00	Apache Tomcat Importer	Import	https://tomcat.apache.org/security-9.html	37.0.0