CVE-2025-52434

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.

CVSS

No CVSS.

References

Link	Resource
https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030	Issue Tracking Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

History

08 Aug 2025, 12:15

Type	Values Removed	Values Added
Summary	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.

07 Aug 2025, 12:15

Type	Values Removed	Values Added
Summary	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue.	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.
References	~~() https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030 - Mailing List, Vendor Advisory, Issue Tracking~~	() https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030 - Issue Tracking, Mailing List, Vendor Advisory

29 Jul 2025, 18:36

Type	Values Removed	Values Added
References	~~() https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030 -~~	() https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030 - Mailing List, Vendor Advisory, Issue Tracking
CPE		cpe:2.3:a:apache:tomcat::::::::
First Time		Apache tomcat Apache

11 Jul 2025, 14:15

Type	Values Removed	Values Added
CWE	~~CWE-362~~

10 Jul 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 19:15

Updated : 2025-08-08 12:15

NVD link : CVE-2025-52434

Mitre link : CVE-2025-52434

JSON object : View

Products Affected

apache

tomcat

CWE

No CWE.

JSON object

Attach tags to CVE-2025-52434

Attach tags to `CVE-2025-52434`