CVE-2022-25762: 
Java vulnerability analysis and mitigation

CVE-2022-25762 is a vulnerability discovered in Apache Tomcat versions 8.5.0 to 8.5.75 and 9.0.0.M1 to 9.0.20. The vulnerability occurs when a web application sends a WebSocket message concurrently with the WebSocket connection closing, potentially allowing the application to continue using the socket after it has been closed (Apache Advisory).

The vulnerability stems from an error handling issue where a pooled object could be placed in the pool twice. This occurs specifically during concurrent WebSocket message transmission and connection closure. The vulnerability has been assigned a CVSS v3.1 base score of 8.6 (HIGH) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L (NVD Database).

When successfully exploited, this vulnerability can result in subsequent connections using the same object concurrently, potentially leading to data being returned to the wrong user and other errors. The high CVSS score indicates significant potential impact on confidentiality, with lower impacts on integrity and availability (NVD Database).

The vulnerability has been fixed in Apache Tomcat versions 8.5.76 and 9.0.21 and later. Organizations using affected versions should upgrade to the patched versions (NetApp Advisory).