The Apache Software Foundation has released a security advisory to address the vulnerabilities (CVE-2025-31650, CVE-2025-31651) in multiple versions of Tomcat. A remote attacker could exploit these vulnerabilities to trigger security restriction bypass and denial of service condition on the targeted system. Apache fixed vulnerabilities in Apache Tomcat versions 11.0.6, 10.1.40, 9.0.104.

Detailed information on vulnerability and updates can be found in Apache’s security advisories – apache.org.