Metrics
Affected Vendors & Products
Fri, 08 Aug 2025 12:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | 
Thu, 07 Aug 2025 11:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | 
Tue, 29 Jul 2025 18:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
Fri, 11 Jul 2025 14:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | cvssV3_1 
 | ssvc 
 
 | 
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | 
Fri, 11 Jul 2025 12:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
| Metrics | threat_severity 
 | cvssV3_1 
 
 
 | 
Thu, 10 Jul 2025 19:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | |
| Title | Apache Tomcat: APR/Native Connector crash leading to DoS | |
| Weaknesses | CWE-362 | |
| References |  | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: apache
Published: 2025-07-10T19:03:47.225Z
Updated: 2025-08-08T12:10:07.868Z
Reserved: 2025-06-16T07:00:46.986Z
Link: CVE-2025-52434
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-07-11T14:03:36.267Z
 NVD
                        NVD
                    Status : Modified
Published: 2025-07-10T19:15:25.220
Modified: 2025-08-08T12:15:28.947
Link: CVE-2025-52434
 Redhat
                        Redhat