My name is kazu. I am writing to seek clarification regarding a recently published security vulnerability that affects Apache Tomcat. We have reviewed the official security advisory, but there is an ambiguity that we hope you can help clarify for us to properly assess the impact on our systems.

The vulnerability in question is:

CVE ID: CVE-2025-52520
Title: Low: DoS due to overflow in file upload limit
Official Advisory URL: https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.107

Specifically, the following point is unclear to us: The advisory mentions "unlikely configurations of multipart upload." Could you please specify what types of configurations are considered "unlikely" and would therefore be affected by this vulnerability? Please provide specific examples or characteristics.

Our current environment details are as follows:

Apache Tomcat Version: 9.0.106
Java Version: JDK 17.0.12
Operating System: RHEL 8.7

We need to confirm this to accurately assess the risk to our systems and determine if any action is required.

Thank you for your time and assistance.