CVE-2025-47287

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: NA | VMScore: 850 | EPSS: 0.00136 | KEV: Not Included
Published: 15/05/2025 Updated: 29/05/2025

Vulnerability Summary

Tornado Web Framework DoS Vulnerability via Multipart Form Data Parsing

A Denial of Service (DoS) vulnerability exists in Tornado, a Python web framework and asynchronous networking library. When the `multipart/form-data` parser encounters certain errors, it logs a warning and keeps parsing the rest of the data instead of stopping. A remote attacker can use this to generate an extremely high volume of log output, which amounts to a DoS. The effect is made worse by Tornado's synchronous logging subsystem. All versions before 6.5.0 are affected, and the vulnerable parser is enabled by default. Users should upgrade to Tornado 6.5.0, which contains the patch. As an alternative mitigation, blocking `Content-Type: multipart/form-data` at the proxy level can help reduce the risk.
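For hosts that cannot be upgraded or fronted by a blocking proxy right away, the log volume itself can be capped. The following is an added example, not code from Tornado or from this advisory: a standard-library `logging.Filter` that rate-limits the parser warnings before any handler performs blocking I/O. It assumes the warnings are emitted on Tornado's `tornado.general` logger and contain the text `multipart/form-data`; the class name, thresholds and sample message are hypothetical, and it does not replace the 6.5.0 patch.

```python
import logging
import time


class MultipartWarningLimiter(logging.Filter):
    """Let through at most `burst` multipart parser warnings per `window` seconds."""

    def __init__(self, burst=20, window=60.0, clock=time.monotonic):
        super().__init__()
        self.burst, self.window, self.clock = burst, window, clock
        self.window_start, self.passed, self.suppressed = clock(), 0, 0

    def filter(self, record):
        # Assumption: the parser warnings are WARNING records whose text
        # mentions multipart/form-data. Every other record passes untouched.
        if record.levelno != logging.WARNING:
            return True
        if "multipart/form-data" not in record.getMessage():
            return True
        now = self.clock()
        if now - self.window_start >= self.window:
            self.window_start, self.passed = now, 0   # new window, reset budget
        if self.passed >= self.burst:
            self.suppressed += 1                      # dropped before handler I/O
            return False
        self.passed += 1
        if self.suppressed:                           # report the gap once
            record.msg = f"{record.getMessage()} ({self.suppressed} similar suppressed)"
            record.args, self.suppressed = None, 0
        return True


def demo(n=1000, burst=20):
    """Constructed flood of n identical warnings; returns (written, suppressed)."""
    seen = []
    handler = logging.Handler()                       # stand-in for a blocking handler
    handler.emit = lambda record: seen.append(record.getMessage())
    limiter = MultipartWarningLimiter(burst=burst, clock=lambda: 0.0)  # frozen clock
    log = logging.getLogger("tornado.general")
    log.setLevel(logging.WARNING)
    log.addHandler(handler)
    log.addFilter(limiter)
    try:
        for _ in range(n):
            log.warning("Invalid multipart/form-data")  # constructed sample text
        log.warning("unrelated warning")                # must not be rate-limited
    finally:
        log.removeHandler(handler)
        log.removeFilter(limiter)
    return len(seen), limiter.suppressed
```

In a real deployment the filter would be attached once at startup with `logging.getLogger("tornado.general").addFilter(MultipartWarningLimiter())`. The parser still does the work of creating each record, so this only bounds the log output, not the parsing cost.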

Vulnerable Product

tornadoweb tornado

Vendor Advisories

Debian Bug report logs - #1105886 python-tornado: CVE-2025-47287. Package: src:python-tornado; Maintainer for src:python-tornado is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 16 May 2025 16:00:02 UTC; Severity: grave; Tags: security, upstream; Fo ...
Tornado is a Python web framework and asynchronous networking library. When Tornado's `multipart/form-data` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the ...

Github Repositories

Vulnerability assessment of Kali Linux system using Nessus Essentials.

Elevate_Labs_03_Kali_Vulnerability_Scan: Kali Linux Vulnerability Scan Report. This repository documents a basic vulnerability scan performed on a Kali Linux system using Nessus Essentials. The goal was to identify security issues, understand their severity, and explore basic remediation strategies.