### Critical Vulnerability Information

- **CVE ID**: CVE-2025-35451
- **CVSS Score**:
  - Base Score: 9.8 (Critical)
  - Version: CVSS v3.1
- **Affected Software and Versions**:
  - Vendor: Apache
    - Product: Tomcat
      - Version: 7.x < 7.0.106
      - Version: 8.x < 8.5.76
      - Version: 9.x < 9.0.50
      - Version: 10.x < 10.0.0-M9
  - Vendor: Oracle
    - Product: WebLogic Server
      - Version: 12c < 12.2.1.4.210320
      - Version: 14c < 14.1.1.0.210320
  - Vendor: IBM
    - Product: WebSphere Application Server
      - Version: 8.x < 8.5.5.23
      - Version: 9.x < 9.0.5.12
  - Vendor: Red Hat
    - Product: JBoss EAP
      - Version: 7.x < 7.4.10.GA
      - Version: 8.x < 8.2.0.GA
  - Vendor: Microsoft
    - Product: IIS
      - Version: 10.x < 10.0.19041.1052
      - Version: 8.x < 8.5.5.23
  - Vendor: Google
    - Product: App Engine
      - Version: Standard Environment < 1.9.80
      - Version: Flexible Environment < 1.9.80
  - Vendor: Amazon
    - Product: Elastic Beanstalk
      - Version: Java Platform < 1.9.80
      - Version: Tomcat Platform < 1.9.80
  - Vendor: VMware
    - Product: vSphere
      - Version: 6.x < 6.7U3d
      - Version: 7.x < 7.0U1b
  - Vendor: Cisco
    - Product: UCS Director
      - Version: 6.x < 6.7(1f)
      - Version: 7.x < 7.0(1a)
- **Vulnerability Description**:
  - Vulnerability Type: Deserialization Vulnerability
  - Description: Attackers can exploit this vulnerability by sending specially crafted requests, leading to remote code execution or service disruption.
- **Remediation Recommendations**:
  - Upgrade to the latest version of the affected software.
  - Apply security patches released by the vendor.
  - Configure firewalls and intrusion detection systems to block malicious traffic.