PT-2025-25559 · Apache+10 · Apache Tomcat+10

Published 2025-01-01 · Updated 2026-06-02 · CVE-2025-48988

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.0-M1 through 11.0.7
Apache Tomcat versions 10.1.0-M1 through 10.1.41
Apache Tomcat versions 9.0.0.M1 through 9.0.105

Description

This issue is related to the allocation of resources without limits or throttling in Apache Tomcat, which can lead to resource exhaustion. Users are advised to upgrade to a fixed version to resolve the issue.

Recommendations

For Apache Tomcat versions 11.0.0-M1 through 11.0.7, upgrade to version 11.0.8.
For Apache Tomcat versions 10.1.0-M1 through 10.1.41, upgrade to version 10.1.42.
For Apache Tomcat versions 9.0.0.M1 through 9.0.105, upgrade to version 9.0.106.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2025:14177
ALSA-2025:14178
ALSA-2025:14181
ALSA-2025_14177
ALSA-2025_14181
ALSA-2025_16880
ALT-PU-2025-10241
ALT-PU-2025-10263
ALT-PU-2025-10300
ALT-PU-2025-13307
BDU:2025-07526
BIT-TOMCAT-2025-48988
CESA-2025_14177
CVE-2025-48988
DLA-4244-1
GHSA-H3GC-QFQQ-6H8F
INFSA-2025_14177
INFSA-2025_14181
MGASA-2025-0191
OESA-2025-1644
OESA-2025-1897
OPENSUSE-SU-2025:15301-1
OPENSUSE-SU-2025:15302-1
OPENSUSE-SU-2025:15303-1
RHSA-2025:11695
RHSA-2025:11741
RHSA-2025:14177
RHSA-2025:14178
RHSA-2025:14179
RHSA-2025:14180
RHSA-2025:14181
RHSA-2025:14182
RHSA-2025:14183
RHSA-2025_14177
RHSA-2025_14181
SUSE-SU-2025:02214-1
SUSE-SU-2025:02261-1
SUSE-SU-2025:02280-1
SUSE-SU-2025_02214-1
SUSE-SU-2025_02261-1
SUSE-SU-2025_02280-1
SUSE-SU-2026:1058-1

Affected Products

ALT Linux
AlmaLinux
Apache Tomcat
Astra Linux
Bitbucket
CentOS
Debian
Red Hat
RED OS
Rocky Linux
SUSE