AI description
CVE-2025-48988 is a vulnerability in Apache Tomcat related to the allocation of resources without limits or throttling. This flaw can be exploited by a remote attacker sending a specially crafted request with an excessive number of multipart sections during a file upload. The vulnerability can lead to excessive memory consumption on the Tomcat server, potentially causing resource exhaustion and a denial-of-service (DoS) condition. It affects Apache Tomcat versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105.
- Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
- Source: security@apache.org
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- Weakness: CWE-770 (source: security@apache.org)
- Hype score: Not currently trending
On 16 June 2025, multiple serious vulnerabilities were reported in Apache Tomcat. CVE-2025-48976 and CVE-2025-48988 enable high-severity DoS attacks, while CVE-2025-49124 and CVE-2025-49125 carry the risk of authentication bypass and privilege escalation. The affected range spans Tomcat 9.0.x through 1
@yousukezan, 17 Jun 2025 · 9081 impressions · 27 retweets · 85 likes · 36 bookmarks · 0 replies · 4 quotes
Multiple vulnerabilities fixed in Apache Tomcat: two DoS issues (CVE-2025-48976, CVE-2025-48988), side-loading in the Windows installer (CVE-2025-49124), and a security constraint bypass in Pre/PostResources (CVE-2025-49125). https://t.co/3DJG9PvXp6
@__kokumoto, 17 Jun 2025 · 1198 impressions · 2 retweets · 7 likes · 3 bookmarks · 0 replies · 0 quotes
Apache Tomcat CVE-2025-48988: FileUpload large number of parts with headers DoS https://t.co/CJMnlUeEkH CVE-2025-49125: Security constraint bypass for pre/post-resources https://t.co/Xf5vlsRQVv CVE-2025-49124: exe side-loading via icacls.exe in installer https://t.co/q2MAFtMdux
@oss_security, 17 Jun 2025 · 81 impressions · 0 retweets · 1 like · 1 bookmark · 0 replies · 0 quotes
Apache Tomcat patched four vulnerabilities (CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125) affecting versions 9.0, 10.1, and 11.0, ranging from DoS to privilege bypass. Update immediately. #ApacheTomcat #Vulnerability https://t.co/lNt1FXhZtO
@the_yellow_fall, 17 Jun 2025 · 178 impressions · 0 retweets · 1 like · 0 bookmarks · 0 replies · 0 quotes
CVE-2025-48988 Resource Exhaustion Vulnerability in Apache Tomcat Versions 9.0, 10.1, and 11.0 https://t.co/QWY8Jhnxkl
@VulmonFeeds, 16 Jun 2025 · 0 impressions · 0 retweets · 0 likes · 0 bookmarks · 0 replies · 0 quotes
CVE-2025-48988 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 … https://t.co/RWIJpsNk5E
@CVEnew, 16 Jun 2025 · 426 impressions · 0 retweets · 1 like · 0 bookmarks · 0 replies · 0 quotes