CVE-2025-52520: 
Java vulnerability analysis and mitigation

An Integer Overflow vulnerability (CVE-2025-52520) was discovered in Apache Tomcat that affects multipart upload configurations. The vulnerability impacts Apache Tomcat versions from 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, and 9.0.0.M1 through 9.0.106. The issue was disclosed on July 10, 2025 (NVD).

The vulnerability is classified as CWE-190 (Integer Overflow or Wraparound) and has received a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability specifically manifests in certain configurations of multipart upload functionality, where an integer overflow condition can occur, potentially bypassing established size limits (NVD).

The primary impact of this vulnerability is the potential for Denial of Service (DoS) attacks through the bypassing of size limits in multipart upload configurations. The CVSS scoring indicates high impact on availability while maintaining no direct impact on confidentiality or integrity (UBUNTU).

Users are strongly recommended to upgrade to the fixed versions: Apache Tomcat 11.0.9, 10.1.43, or 9.0.107. These versions contain the necessary patches to address the integer overflow vulnerability. The fixes have been implemented through specific commits in the Apache Tomcat repository (UBUNTU).