VYPR
Moderate severityNVD Advisory· Published Jul 10, 2025· Updated Nov 4, 2025

Apache Tomcat: APR/Native Connector crash leading to DoS

CVE-2025-52434

Description

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.

This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected.

Users are recommended to upgrade to version 9.0.107, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcat-utilMaven
>= 9.0.0.M1, < 9.0.1079.0.107
org.apache.tomcat:tomcat-utilMaven
>= 8.5.0, <= 8.5.100

Affected products

39

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.