CVE-2025-48988

Опубликовано: 16 июн. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Ссылки

EPSS

Процентиль: 3%

0.00018

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

CVE-2025-48988

CVSS3: 5.3

redhat

3 дня назад

A denial-of-service (DoS) vulnerability has been identified in Apache Tomcat, concerning its handling of upload limits. A remote attacker could exploit this flaw by sending a specially crafted request containing an excessively large number of multipart sections. This malicious request can trigger excessive memory consumption on the Tomcat server, ultimately leading to resource exhaustion and a denial-of-service condition.

CVE-2025-48988

CVSS3: 7.5

debian

3 дня назад

Allocation of Resources Without Limits or Throttling vulnerability in ...

GHSA-h3gc-qfqq-6h8f

CVSS3: 7.5

github

3 дня назад

Apache Tomcat - DoS in multipart upload

EPSS

Процентиль: 3%

0.00018

Низкий

7.5 High

CVSS3

Дефекты

CWE-770