Critical DoS Vulnerabilities in Python-Tornado Affecting SUSE and Debian
Severity: High (Score: 71.2)
Sources: Linuxsecurity
Summary
Two significant vulnerabilities in the Python-Tornado framework have been disclosed, affecting SUSE 12 and Debian 11 systems. CVE-2025-67725 allows Denial of Service (DoS) via maliciously crafted HTTP requests, while CVE-2026-31958 arises from parsing large multipart bodies and can likewise lead to DoS. Both vulnerabilities have been assigned high CVSS scores; CVE-2025-67725 is rated 8.7. There are additional concerns about incomplete validation of cookie attributes, which could lead to further exploitation. The vulnerabilities were published in December 2025 and March 2026, respectively, and both SUSE and Debian have released updates addressing them. Users are advised to apply the latest patches immediately; unpatched systems remain exposed to exploitation.

Key Points:
- CVE-2025-67725 and CVE-2026-31958 pose critical DoS risks to Python-Tornado users.
- SUSE and Debian have issued patches for these vulnerabilities as of April 1, 2026.
- Incomplete cookie attribute validation could lead to further security issues.
Key Entities
- Denial of Service (attack_type)
- CVE-2025-67724 (cve)
- CVE-2025-67725 (cve)
- CVE-2026-31958 (cve)
- Debian (company)
- Python-tornado (platform)