| CVE-2025-49125 |
Low |
Yes |
Access restriction bypass |
When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected... |
| CVE-2025-48988 |
Medium |
Yes |
Denial of service |
Tomcat used the same limit for both request parameters and parts in a multipart request. Since uploaded parts also include headers which must be retained,... |
| CVE-2025-48976 |
Medium |
Yes |
Denial of service |
Apache Commons FileUpload provided a hard-coded limit of 10kB for the size of the headers associated with a multipart request. A specially crafted request... |
| CVE-2025-46701 |
Low |
Yes |
Access restriction bypass |
When running on a case insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it... |
| CVE-2025-31650 |
High |
Yes |
Denial of service |
Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large... |