PatchSiren cyber security CVE debrief
CVE-2025-61795 Cert Portal CVE debrief
CVE-2025-61795 is a denial-of-service issue in Apache Tomcat’s multipart upload handling. When an error occurs during upload processing, temporary copies of uploaded parts may not be cleaned up immediately, allowing disk space to be consumed faster than garbage collection can reclaim it. Fixed releases are Apache Tomcat 11.0.12+, 10.1.47+, and 9.0.110+; older EOL 8.5.x versions are also reported affected.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Administrators, application owners, and platform teams running affected Apache Tomcat releases, especially services that accept multipart file uploads or experience sustained upload traffic. It also matters to defenders monitoring disk capacity, service availability, and upload-related failure rates.
Technical summary
The issue is an improper resource shutdown/release condition in the multipart upload error paths. If processing fails, temporary on-disk copies of uploaded parts are left for garbage collection instead of being removed promptly. Depending on JVM settings, application memory usage, and load, temporary storage can fill before GC clears those files, resulting in availability loss. The supplied advisory lists affected ranges for Tomcat 11.0.0-M1 through 11.0.11, 10.1.0-M1 through 10.1.46, and 9.0.0.M1 through 9.0.109, and notes that 8.5.0 through 8.5.100 were EOL but known affected.
Defensive priority
Medium overall; High for internet-facing or high-upload-volume Tomcat deployments because the impact is availability loss.
Recommended defensive actions
- Upgrade Apache Tomcat to 11.0.12 or later, 10.1.47 or later, or 9.0.110 or later.
- If you are on an affected EOL 8.5.x release or older Tomcat line, plan immediate migration or replacement; the advisory notes those versions may also be affected.
- Inventory applications that use multipart uploads and identify any deployments with heavy upload traffic or constrained temp storage.
- Monitor temporary upload storage, disk utilization, and upload failure spikes so exhaustion is detected before service impact.
- Review vendor guidance in the CISA and Siemens advisories and verify the fix in a staging environment before broad rollout.
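The following is an added example, not code from the advisory or the Apache Tomcat project, covering two of the actions above: classifying a Tomcat version banner against the fixed releases named in this debrief (11.0.12, 10.1.47, 9.0.110, with 8.5.x treated as EOL and affected), and a monitoring check that counts leftover multipart temp files and reports disk utilization. It assumes that Tomcat's bundled FileUpload writes parts that exceed the in-memory threshold as files named `upload_*.tmp` in the multipart location directory (by default the webapp's work directory); the file names, sizes, fixed clock and 15-minute age threshold in `demo()` are constructed sample data.

```python
import os
import re
import shutil
import tempfile
import time

# Fixed releases named in the advisory, keyed by branch (major, minor).
# 8.5.x is EOL and reported affected, so it has no fixed release.
FIXED_RELEASES = {(11, 0): 12, (10, 1): 47, (9, 0): 110}
EOL_AFFECTED_BRANCHES = {(8, 5)}

# Assumption (not from the advisory): Tomcat's bundled FileUpload names
# on-disk parts upload_*.tmp inside the multipart "location" directory.
TMP_PREFIX = "upload_"
TMP_SUFFIX = ".tmp"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def is_fixed_version(banner):
    """Classify a Tomcat version string against the advisory's fixed releases.

    True  -> at or above the fixed release for its branch
    False -> affected (below the fix, or the EOL 8.5.x line)
    None  -> branch not covered by the advisory; check vendor guidance
    Milestone builds such as 10.1.0-M1 parse as x.y.0 and are below the fix.
    """
    match = _VERSION_RE.search(banner)
    if not match:
        raise ValueError(f"no version found in {banner!r}")
    major, minor, patch = (int(g) for g in match.groups())
    branch = (major, minor)
    if branch in EOL_AFFECTED_BRANCHES:
        return False
    if branch not in FIXED_RELEASES:
        return None
    return patch >= FIXED_RELEASES[branch]


def find_stale_uploads(directory, max_age_seconds, now=None):
    """Return (count, total_bytes) of upload_*.tmp files older than max_age_seconds.

    A healthy server deletes these as each request completes, so a file older
    than the request timeout is a leak candidate worth alerting on.
    """
    now = time.time() if now is None else now
    count = total = 0
    with os.scandir(directory) as entries:
        for entry in entries:
            is_part = entry.name.startswith(TMP_PREFIX) and entry.name.endswith(TMP_SUFFIX)
            if not entry.is_file() or not is_part:
                continue
            st = entry.stat()
            if now - st.st_mtime >= max_age_seconds:
                count += 1
                total += st.st_size
    return count, total


def disk_used_percent(directory):
    """Percentage of the filesystem holding `directory` that is in use."""
    usage = shutil.disk_usage(directory)
    return 100.0 * usage.used / usage.total


def check_upload_dir(directory, max_age_seconds=900, disk_pct_threshold=85.0, now=None):
    """Monitoring-check result; 'alert' is set when stale parts exist or disk is nearly full."""
    count, total = find_stale_uploads(directory, max_age_seconds, now)
    used = disk_used_percent(directory)
    return {
        "stale_count": count,
        "stale_bytes": total,
        "disk_used_pct": round(used, 1),
        "alert": count > 0 or used > disk_pct_threshold,
    }


def demo():
    """Run the check against a constructed work directory (sample data, not a real server).

    Two stale parts, one fresh part and one unrelated file are created, so the
    expected result is stale_count == 2 and stale_bytes == 3000.
    """
    now = 1_700_000_000.0  # fixed clock for a deterministic result
    workdir = tempfile.mkdtemp(prefix="tomcat-work-")
    try:
        samples = [
            ("upload_a1_1.tmp", 1000, now - 3600),  # stale: an hour old
            ("upload_a1_2.tmp", 2000, now - 1800),  # stale: 30 minutes old
            ("upload_b2_1.tmp", 4000, now - 10),    # fresh: request still in flight
            ("session.ser", 500, now - 3600),       # unrelated file, must be ignored
        ]
        for name, size, mtime in samples:
            path = os.path.join(workdir, name)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
            os.utime(path, (mtime, mtime))
        return check_upload_dir(workdir, max_age_seconds=900, now=now)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(is_fixed_version("Apache Tomcat/9.0.109"))  # False: still affected
    print(demo())
```

Point `check_upload_dir` at the real multipart location (or each webapp's work directory) from a cron job or agent check; the age threshold should be a little longer than the server's request timeout so in-flight uploads are not counted, and the disk threshold should sit below the point at which new uploads start failing.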
Evidence notes
Source timing is based on the supplied CVE/advisory dates: first published 2026-05-12 and modified/republished 2026-05-14. The supplied CISA CSAF advisory ICSA-26-134-10 republishes Siemens ProductCERT SSA-032379 and repeats the Apache Tomcat affected-version ranges and upgrade guidance. The supplied enrichment does not place this CVE in CISA KEV. Note: the source metadata includes a Siemens SIMATIC CN 4100 product field, but the vulnerability text itself is clearly about Apache Tomcat; treat that product context as source metadata, not the vulnerability subject.
Official resources
- CVE-2025-61795 CVE record (CVE.org)
- CVE-2025-61795 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the supplied CISA CSAF on 2026-05-12 and republished by CISA on 2026-05-14. No KEV listing is indicated in the supplied enrichment.