BIT-tomcat-2025-52520
Integer Overflow vulnerability in tomcat-catalina (Maven)

Weakness: Integer Overflow. Known public exploits: none.

What is BIT-tomcat-2025-52520 About?

BIT-tomcat-2025-52520 (CVE-2025-52520) is an integer overflow in Apache Tomcat's handling of multipart uploads. For some unlikely multipart upload configurations, the overflow lets a request bypass the configured size limits, which can lead to a denial of service. Exploitation depends on one of those configurations being present, but once it is, the request can be sent by an unauthenticated remote attacker.

Affected Software

  • org.apache.tomcat:tomcat-catalina
    • >=9.0.0.M1, <9.0.107
    • >=10.1.0-M1, <10.1.43
    • >=11.0.0-M1, <11.0.9
    • >=8.5.0, <=8.5.100
  • org.apache.tomcat.embed:tomcat-embed-core
    • >=9.0.0.M1, <9.0.107
    • >=10.1.0-M1, <10.1.43
    • >=11.0.0-M1, <11.0.9
    • >=8.5.0, <=8.5.100

Technical Details

The flaw is an integer overflow in Apache Tomcat's multipart upload parsing. Under certain unlikely multipart configurations, an attacker-controlled request can push the arithmetic behind the configured size limits past the range of the integer type, so the effective limit is miscalculated or not enforced at all. A multipart request that is no longer bounded by those limits can consume memory or disk on the server and cause a denial of service. The configuration values that trigger the overflow are described only as unlikely and are not enumerated here, so treat every deployment on an affected version as in scope and remediate by upgrading rather than by auditing configuration.
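The following is an added illustration of the failure mode described above, not Tomcat's code: the arithmetic is a hypothetical stand-in for whatever computation overflowed in the real issue. It emulates Java's 32-bit `int` with `ctypes.c_int32`, derives an "effective" limit from a configured maximum plus a fixed allowance, and shows how a wrapped negative result is read as "no limit" under the convention Tomcat documents for `maxPostSize` (a negative value disables the limit). The hardened variant keeps "disabled" explicit and saturates instead of wrapping.

```python
"""Hypothetical size-limit arithmetic showing how a 32-bit wrap disables a cap.
Added example; not Apache Tomcat code."""
import ctypes

INT_MAX = 2**31 - 1


def java_int(value: int) -> int:
    """Emulate Java's 32-bit signed int: out-of-range sums silently wrap around."""
    return ctypes.c_int32(value).value


def within_limit(size: int, limit: int) -> bool:
    """Size check using the convention Tomcat documents for maxPostSize:
    a negative limit means the limit is disabled."""
    return limit < 0 or size <= limit


def effective_limit_wrapping(configured_max: int, overhead: int) -> int:
    """Hypothetical vulnerable derivation: configured limit plus a fixed
    allowance for multipart framing, added in 32-bit arithmetic. When the
    configured value is near INT_MAX the sum wraps negative, and within_limit
    then treats the limit as disabled."""
    return java_int(configured_max + overhead)


def effective_limit_checked(configured_max: int, overhead: int) -> int:
    """Hardened derivation: preserve an explicit 'disabled' value and saturate
    rather than wrap (Java equivalent: long arithmetic, or Math.addExact with
    the ArithmeticException handled)."""
    if configured_max < 0:
        return -1                      # disabled on purpose by configuration
    return min(configured_max + overhead, INT_MAX)


def demo() -> dict:
    """Compare both derivations on an unusual but legal configuration value."""
    configured_max = INT_MAX - 10       # constructed: a cap a few bytes below INT_MAX
    overhead = 100                      # constructed: fixed framing allowance
    upload = 2**40                      # constructed: a 1 TiB body, far above any sane cap
    wrapped = effective_limit_wrapping(configured_max, overhead)
    checked = effective_limit_checked(configured_max, overhead)
    return {
        "wrapped_limit": wrapped,                               # negative: cap silently disabled
        "accepted_by_vulnerable_check": within_limit(upload, wrapped),
        "accepted_by_hardened_check": within_limit(upload, checked),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The lesson generalizes beyond this CVE: any code path that derives a limit from user- or admin-supplied values must either compute in a wider type or use checked arithmetic, and must never share its "disabled" sentinel with a value that overflow can produce.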

What is the Impact of BIT-tomcat-2025-52520?

Successful exploitation lets an attacker bypass the configured multipart size limits and cause a denial of service, making the affected service unavailable. No confidentiality or integrity impact is described.

What is the Exploitability of BIT-tomcat-2025-52520?

Exploitation requires a specific and unlikely multipart upload configuration on the target Tomcat instance. Given that configuration, the attack is remote, unauthenticated, and consists of sending crafted multipart requests that trigger the overflow and escape the size limits, leading to resource exhaustion. The main constraint is the prerequisite configuration, which is why attack complexity is moderate rather than low; default deployments are not described as affected, but the only reliable way to close the issue is to upgrade.

What are the Known Public Exploits?

No known public exploits or proof-of-concept code.

What are the Available Fixes for BIT-tomcat-2025-52520?

Available Upgrade Options

  • org.apache.tomcat.embed:tomcat-embed-core
    • >=9.0.0.M1, <9.0.107 → Upgrade to 9.0.107
    • >=10.1.0-M1, <10.1.43 → Upgrade to 10.1.43
    • >=11.0.0-M1, <11.0.9 → Upgrade to 11.0.9
  • org.apache.tomcat:tomcat-catalina
    • >=9.0.0.M1, <9.0.107 → Upgrade to 9.0.107
    • >=10.1.0-M1, <10.1.43 → Upgrade to 10.1.43
    • >=11.0.0-M1, <11.0.9 → Upgrade to 11.0.9

No fixed release is listed for the 8.5 branch (>=8.5.0, <=8.5.100): Apache Tomcat 8.5 has reached end of life, so deployments on 8.5.x must move to 9.0.107 or a later supported branch rather than wait for an 8.5 patch.
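To turn the affected ranges and upgrade targets listed in the Affected Software and Available Upgrade Options sections into an automated check, the following added example (not a Resolved Security or Apache tool) parses `mvn dependency:list` style lines and reports every Tomcat artifact that falls inside a listed range, together with the fixed version for that branch. The sample dependency lines are constructed; the version comparator orders Tomcat milestones (`9.0.0.M1`, `10.1.0-M1`) before the release with the same number, which is what the `>=9.0.0.M1` lower bounds require.

```python
"""Flag Tomcat artifacts in the affected ranges listed on this page.
Added example; input format is the groupId:artifactId:type[:classifier]:version:scope
lines printed by `mvn dependency:list`."""
import re
from typing import List, Optional, Tuple

# Ranges as listed above: (lower inclusive, upper exclusive, upper inclusive, fixed version)
RANGES = [
    ("9.0.0.M1",  "9.0.107", None,      "9.0.107"),
    ("10.1.0-M1", "10.1.43", None,      "10.1.43"),
    ("11.0.0-M1", "11.0.9",  None,      "11.0.9"),
    ("8.5.0",     None,      "8.5.100", None),     # no fixed 8.5.x release listed
]
ARTIFACTS = {
    "org.apache.tomcat:tomcat-catalina",
    "org.apache.tomcat.embed:tomcat-embed-core",
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def version_key(version: str) -> Tuple[int, int, int, int, int]:
    """Sortable key for Tomcat versions. Milestones sort before the matching
    release: 9.0.0.M1 < 9.0.0 < 9.0.1, and 10.1.0-M1 < 10.1.0."""
    match = _VERSION.match(version)
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = match.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def assess(group_artifact: str, version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fixed_version); fixed_version is None where no fix is listed."""
    if group_artifact not in ARTIFACTS:
        return False, None
    key = version_key(version)
    for lower, upper_excl, upper_incl, fix in RANGES:
        if key < version_key(lower):
            continue
        if upper_excl is not None and key >= version_key(upper_excl):
            continue
        if upper_incl is not None and key > version_key(upper_incl):
            continue
        return True, fix
    return False, None


def parse_dependency_line(line: str) -> Optional[Tuple[str, str]]:
    """Extract (groupId:artifactId, version) from a `mvn dependency:list` line."""
    parts = line.replace("[INFO]", "").strip().split(":")
    if len(parts) < 5:                 # group:artifact:type[:classifier]:version:scope
        return None
    return f"{parts[0]}:{parts[1]}", parts[-2]


def scan(lines: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (groupId:artifactId, version, fixed_version) for each affected dependency."""
    findings = []
    for line in lines:
        parsed = parse_dependency_line(line)
        if parsed is None:
            continue
        group_artifact, version = parsed
        try:
            affected, fix = assess(group_artifact, version)
        except ValueError:
            continue                   # Tomcat artifact with a version this parser does not model
        if affected:
            findings.append((group_artifact, version, fix))
    return findings


# Constructed sample output; not taken from a real build.
SAMPLE = """\
[INFO]    org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.40:compile
[INFO]    org.apache.tomcat:tomcat-catalina:jar:9.0.0.M1:compile
[INFO]    org.apache.tomcat:tomcat-catalina:jar:9.0.107:compile
[INFO]    org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.100:compile
[INFO]    org.springframework:spring-core:jar:6.1.14:compile
""".splitlines()

if __name__ == "__main__":
    for group_artifact, version, fix in scan(SAMPLE):
        print(f"{group_artifact}:{version} affected; fix: {fix or 'none listed for this branch'}")
```

Run it against the real output of `mvn dependency:list -DoutputFile=deps.txt` (or pipe the console output) to cover transitive dependencies such as the embedded core pulled in by Spring Boot; a direct `pom.xml` grep misses those.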


Additional Resources

What are Similar Vulnerabilities to BIT-tomcat-2025-52520?

Similar Vulnerabilities: CVE-2023-44487, CVE-2023-40618, CVE-2022-45133, CVE-2022-42868, CVE-2021-41033