CNNVD-202510-3505 Information

Oct 27, 2025 cve

CNNVD ID

CNNVD-202510-3505

CVE-2025-61795

CNNVD Published: 2025-10-27

Description (Chinese)

Apache Tomcat是美国阿帕奇（Apache）基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page（JSP）的支持。 Apache Tomcat存在安全漏洞，该漏洞源于资源关闭或释放不当，可能导致拒绝服务攻击。以下版本受到影响：11.0.0-M1版本至11.0.11版本、10.1.0-M1版本至10.1.46版本、9.0.0.M1版本至9.0.109版本和8.5.0版本至8.5.100版本。

Description (English)

Apache Tomcat is a lightweight Web application server for the Apache Foundation in the United States. Support for Servlet and JavaServer Page (JSP). There is a security loophole in Apache Tomcat, which stems from the closure or improper release of resources and may lead to denial of service attacks. The following versions were affected: 11.0.0-M1 to 11.01.11, 10.1.0-M1 to 10.1.46, 9.0.0.M1 to 9.0.1009 and 8.5.0 to 8.5.100.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-10-27

Last Modified

2026-02-24

References

https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp https://access.redhat.com/security/cve/cve-2025-61795 https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://tomcat.apache.org/

Share on: