A high-severity vulnerability, CVE-2025-31650, affects Apache Tomcat versions 9.0.76 through 9.0.102, 10.1.10 through 10.1.39 and 11.0.0-M2 through 11.0.5. It stems from improper input validation of HTTP priority headers, which leads to memory leaks and a potential denial of service (DoS) due to an OutOfMemoryException. To address this issue, upgrade Apache Tomcat to version 9.0.104, 10.1.40 or 11.0.6. For more details, see https://nvd.nist.gov/vuln/detail/CVE-2025-31650.
Apache Tomcat: Memory Leak Due to Improper Input Validation Leads to Denial of Service
by the Hossted team
14.05.2025
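To triage an inventory against the version ranges in the advisory above, the following added example (not code from Hossted or the Apache Tomcat project) checks version strings, including the 11.0.0-M milestone builds, and reports the fixed release to move to. The host names and the inventory are constructed; the banner format is assumed to be the `Server version: Apache Tomcat/x.y.z` line printed by Tomcat's version script.

```python
import re

# Affected ranges and fixed releases, exactly as listed in the advisory above.
AFFECTED = [
    ("9.0.76", "9.0.102", "9.0.104"),
    ("10.1.10", "10.1.39", "10.1.40"),
    ("11.0.0-M2", "11.0.5", "11.0.6"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_RELEASE = 10**6  # sorts a final release after every -M<n> milestone of the same x.y.z


def parse_version(text):
    """Turn '11.0.0-M2' or '9.0.98' into a sortable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else _RELEASE)


def check(version):
    """Return (in_affected_range, fixed_release_or_None) for one version string."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED:
        if parse_version(low) <= v <= parse_version(high):
            return True, fixed
    return False, None


def audit(inventory):
    """Map host -> (version, in_affected_range, fixed_release) from banner lines."""
    report = {}
    for host, banner in inventory.items():
        m = re.search(r"Apache Tomcat/(\S+)", banner)
        version = m.group(1) if m else None
        report[host] = (version, *check(version)) if version else (None, None, None)
    return report


# Constructed sample inventory (hypothetical hosts).
INVENTORY = {
    "app-01": "Server version: Apache Tomcat/9.0.98",
    "app-02": "Server version: Apache Tomcat/10.1.40",
    "app-03": "Server version: Apache Tomcat/11.0.0-M1",
    "app-04": "Server version: Apache Tomcat/11.0.0",
}
```

A result of `False` only means the version is outside the ranges listed in this advisory; it says nothing about other CVEs.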