MGASA-2025-0223
Advisory lineage Upstream: 4 Downstream: 0
Published: 02 Sept 2025, 15:16
Last modified:16 Apr 2026, 04:20
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 Sept 2025, 15:16
Published
Vulnerability first disclosed
16 Apr 2026, 04:20
Last Modified
Vulnerability information updated
Description
Updated tomcat packages fix vulnerabilities APR/Native Connector crash leading to DoS. (CVE-2025-52434) DoS via integer overflow in multipart file upload. (CVE-2025-52520) DoS via excessive h2 streams at connection start. (CVE-2025-53506) H2 DoS - Made You Reset. (CVE-2025-48989)
Affected Systems
- mageia•tomcat
< 9.0.108-1.mga9
References (6)
- https://advisories.mageia.org/MGASA-2025-0223.html
- https://bugs.mageia.org/show_bug.cgi?id=34465
- https://www.openwall.com/lists/oss-security/2025/07/10/11
- https://www.openwall.com/lists/oss-security/2025/07/10/12
- https://www.openwall.com/lists/oss-security/2025/07/10/13
- https://www.openwall.com/lists/oss-security/2025/08/13/2