
CVE-2025-61795: CWE-404 Improper Resource Shutdown or Release in Apache Software Foundation Apache Tomcat

Severity: Medium
Tags: Vulnerability, CVE-2025-61795, cve, cwe-404
Published: Mon Oct 27 2025 (10/27/2025, 17:30:28 UTC)
Source: CVE Database V5
Vendor/Project: Apache Software Foundation
Product: Apache Tomcat

Description

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disk were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later, or 9.0.110 or later, which fixes the issue.

AI-Powered Analysis

Last updated: 10/27/2025, 17:53:00 UTC

Technical Analysis

CVE-2025-61795 is a vulnerability classified under CWE-404 (Improper Resource Shutdown or Release) affecting multiple versions of Apache Tomcat, a widely used Java servlet container. The issue occurs during the processing of multipart uploads, a common method for handling file uploads in web applications. When an error happens during upload processing—such as exceeding configured limits—temporary files created on disk for the uploaded parts are not immediately deleted. Instead, these files remain until the Java Virtual Machine's garbage collector eventually frees the resources. Depending on JVM garbage collection settings, application memory usage, and server load, this delay can cause the accumulation of temporary files, rapidly consuming disk space. This resource exhaustion can lead to denial-of-service conditions, impacting the availability of the Tomcat server and hosted applications. The vulnerability affects Apache Tomcat versions from 8.5.0 through 8.5.100 (EOL but known affected), 9.0.0.M1 through 9.0.109, 10.1.0-M1 through 10.1.46, and 11.0.0-M1 through 11.0.11. The Apache Software Foundation has addressed this issue in versions 8.5.101+, 9.0.110+, 10.1.47+, and 11.0.12+. No public exploits have been reported, but the vulnerability's nature makes it a potential vector for DoS attacks, especially in high-load environments or where attackers can repeatedly trigger multipart uploads. Mitigation requires upgrading to patched versions and potentially tuning JVM and application configurations to better handle temporary file cleanup.

Potential Impact

For European organizations, the impact of CVE-2025-61795 can be significant, particularly for those relying on Apache Tomcat to serve web applications that handle file uploads. The vulnerability can lead to denial-of-service by exhausting disk space with orphaned temporary files, causing service outages or degraded performance. This can disrupt business operations, customer-facing services, and internal applications. Organizations in sectors such as finance, healthcare, government, and e-commerce, where uptime and data integrity are critical, may face operational and reputational damage. Additionally, the resource exhaustion could be exploited as part of a broader attack strategy to distract or degrade defenses. Since Apache Tomcat is widely deployed across Europe, especially in enterprise and public sector environments, the risk of service disruption is non-trivial. The lack of authentication requirements for exploitation increases the threat surface, as attackers only need to trigger multipart uploads with errors. The vulnerability does not directly expose confidential data but impacts availability, a key security pillar under GDPR and other regulatory frameworks.

Mitigation Recommendations

1. Upgrade Apache Tomcat to a fixed version: 11.0.12 or later, 10.1.47 or later, or 9.0.110 or later.
2. Review and tune JVM garbage collection settings so that temporary files are reclaimed promptly, considering more aggressive GC policies where appropriate.
3. Implement application-level validation to limit multipart upload sizes and reject malformed or excessive uploads early.
4. Monitor disk usage and configure alerts for unusual growth in temporary-file storage or disk consumption on servers running Tomcat.
5. Employ web application firewalls (WAFs) to detect and block suspicious multipart upload patterns that could trigger the vulnerability.
6. Regularly audit and clean the temporary directories used by Tomcat to remove orphaned files proactively.
7. Restrict access to upload endpoints and apply rate limiting to reduce the risk of abuse.
8. Conduct penetration testing and vulnerability scanning focused on multipart upload handling to verify that the mitigations are effective.
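Recommendations 4 and 6 (watch temporary-file growth, clean orphaned files proactively) can be automated. The script below is an added example written for this page; it is not Tomcat code and not part of the advisory. It assumes that Tomcat's multipart parser writes part bodies as `upload_*.tmp` files into the servlet context's temp directory (`$CATALINA_BASE/work/Catalina/<host>/<app>` by default, or the `location` given in `@MultipartConfig`), and that any such file older than a grace period belongs to a request that has already finished. Both the directory and the filename glob are parameters, so adjust them to what a given deployment actually produces; the sample directory the script builds is constructed purely for the demonstration.

```python
"""Orphaned multipart temp-file monitor (added example, not Tomcat code).

Assumptions (not stated on the page, adjust to your deployment):
  * multipart part bodies land in the context temp directory as upload_*.tmp
  * a matching file older than ``grace_seconds`` is orphaned, because the
    request that created it has finished and only GC finalisation would
    ever remove it
"""
from __future__ import annotations

import os
import time
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional


@dataclass
class ScanResult:
    orphaned: List[Path] = field(default_factory=list)
    total_bytes: int = 0
    removed: int = 0

    def exceeds(self, max_files: int, max_bytes: int) -> bool:
        """True when either threshold is crossed; feed this to your alerting."""
        return len(self.orphaned) >= max_files or self.total_bytes >= max_bytes


def scan_orphans(tmp_dir: os.PathLike, grace_seconds: float = 300.0,
                 pattern: str = "upload_*.tmp", remove: bool = False,
                 now: Optional[float] = None) -> ScanResult:
    """Find (and optionally delete) multipart temp files older than the grace period.

    ``now`` is injectable so the behaviour can be tested deterministically.
    """
    now = time.time() if now is None else now
    result = ScanResult()
    for path in sorted(Path(tmp_dir).glob(pattern)):
        try:
            st = path.lstat()  # do not follow symlinks placed in the temp dir
        except FileNotFoundError:
            continue  # a GC finaliser or another cleaner beat us to it
        if not path.is_file() or path.is_symlink():
            continue
        if now - st.st_mtime < grace_seconds:
            continue  # may still belong to an in-flight request
        result.orphaned.append(path)
        result.total_bytes += st.st_size
        if remove:
            try:
                path.unlink()
                result.removed += 1
            except OSError:
                pass  # still reported; the next run will retry
    return result


def build_demo_dir(base: os.PathLike, now: float) -> Path:
    """Constructed work directory: two stale parts, one in-flight part, one unrelated file."""
    d = Path(base) / "work_demo"
    d.mkdir(parents=True, exist_ok=True)
    samples = {
        "upload_1_a.tmp": (1024 * 1024, now - 3600),  # stale, 1 MiB
        "upload_2_b.tmp": (512 * 1024, now - 900),    # stale, 512 KiB
        "upload_3_c.tmp": (256 * 1024, now - 10),     # fresh: still being written
        "session.ser": (100, now - 3600),              # unrelated, must be left alone
    }
    for name, (size, mtime) in samples.items():
        p = d / name
        p.write_bytes(b"\0" * size)
        os.utime(p, (mtime, mtime))
    return d


if __name__ == "__main__":
    import tempfile

    now = time.time()
    with tempfile.TemporaryDirectory() as base:
        work = build_demo_dir(base, now)
        r = scan_orphans(work, grace_seconds=300, now=now)
        print(f"{len(r.orphaned)} orphaned file(s), {r.total_bytes} bytes")
        if r.exceeds(max_files=2, max_bytes=100 * 1024 * 1024):
            print("ALERT: orphaned multipart temp files are accumulating")
        r2 = scan_orphans(work, grace_seconds=300, remove=True, now=now)
        print(f"removed {r2.removed} file(s)")
```

Run it from a cron job or systemd timer with `remove=False` first and confirm that the glob only ever matches multipart temp files in your deployment; only then enable `remove=True`. Keep the grace period comfortably longer than your longest legitimate upload, since a short one risks deleting a part that is still being written. The count and byte totals are what a steadily rising alert series looks like when the condition described above is being triggered, so they are worth exporting to whatever metrics system you already run.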


Technical Details

Data Version: 5.1
Assigner Short Name: apache
Date Reserved: 2025-10-01T09:20:53.155Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68ffadeaba6dffc5e205067d

Added to database: 10/27/2025, 5:37:46 PM

Last enriched: 10/27/2025, 5:53:00 PM

Last updated: 10/27/2025, 10:11:32 PM


