AI description
CVE-2025-48988 is a vulnerability in Apache Tomcat related to the allocation of resources without limits or throttling. This flaw can be exploited by a remote attacker sending a specially crafted request with an excessive number of multipart sections during a file upload. The vulnerability can lead to excessive memory consumption on the Tomcat server, potentially causing resource exhaustion and a denial-of-service (DoS) condition. It affects Apache Tomcat versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105.
- Description
- Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
- Source
- security@apache.org
- NVD status
- Modified
- Products
- tomcat
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security@apache.org
- CWE-770
- Hype score
- Not currently trending
Apache Tomcat & More: Exploits out for CVE-2025-48988, others. Act fast! ⚙️ #ServerSecurity #Apache https://t.co/RNrcqKcrRq
@CyberWolfGuard
7 Jul 2025
⚠️Apache Tomcat vulnerabilities ❗CVE-2025-49124 ❗CVE-2025-48976 ❗CVE-2025-48988 ❗CVE-2025-49125 ➡️More info: https://t.co/7eAROdxPbW https://t.co/ARhqdX4TGr
@CERTpy
19 Jun 2025
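On June 16, 2025, multiple serious vulnerabilities were reported in Apache Tomcat. CVE-2025-48976 and CVE-2025-48988 enable high-severity DoS attacks, while CVE-2025-49124 and CVE-2025-49125 carry a risk of authentication bypass and privilege escalation. The affected range is from Tomcat 9.0.x to 1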
@yousukezan
17 Jun 2025
Multiple vulnerabilities fixed in Apache Tomcat: two DoS issues (CVE-2025-48976, CVE-2025-48988), side-loading in the Windows installer (CVE-2025-49124), and a security constraint bypass in Pre/PostResources (CVE-2025-49125). https://t.co/3DJG9PvXp6
@__kokumoto
17 Jun 2025
Apache Tomcat CVE-2025-48988: FileUpload large number of parts with headers DoS https://t.co/CJMnlUeEkH CVE-2025-49125: Security constraint bypass for pre/post-resources https://t.co/Xf5vlsRQVv CVE-2025-49124: exe side-loading via icalcs.exe in installer https://t.co/q2MAFtMdux
@oss_security
17 Jun 2025
Apache Tomcat patched four vulnerabilities (CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125) affecting versions 9.0, 10.1, and 11.0, ranging from DoS to privilege bypass. Update immediately. #ApacheTomcat #Vulnerability https://t.co/lNt1FXhZtO
@the_yellow_fall
17 Jun 2025
CVE-2025-48988 Resource Exhaustion Vulnerability in Apache Tomcat Versions 9.0, 10.1, and 11.0 https://t.co/QWY8Jhnxkl
@VulmonFeeds
16 Jun 2025
CVE-2025-48988 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 … https://t.co/RWIJpsNk5E
@CVEnew
16 Jun 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D212C189-EFC0-43CC-89C0-DAD766413A98",
            "versionEndExcluding": "9.0.106",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "573ACC55-1E48-4489-A269-12C1A4501DDA",
            "versionEndExcluding": "10.1.42",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE393E87-D325-4ABB-B49C-5863ECD3DD83",
            "versionEndExcluding": "11.0.8",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]